#VU123090 Inclusion of Sensitive Information in Log Files in Splunk Enterprise - CVE-2026-20144

 


Published: February 19, 2026


Vulnerability identifier: #VU123090
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20144
CWE-ID: CWE-532
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Splunk Enterprise
Software vendor:
Splunk Inc.

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because splunkd writes sensitive information to log files. A remote user who holds a role with access to the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for “Attribute query requests” (AQRs) or “Authentication extensions” in plain text within the conf.log file.
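Because exposure depends on which roles can search the _internal index, the following added example (not part of the advisory or of Splunk's own tooling) lists the roles whose effective search access covers that index. It assumes the input is merged authorize.conf text, such as the output of `splunk btool authorize list`; the sample configuration and every role name in it except `admin` are constructed for illustration.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample of merged authorize.conf content (hypothetical roles).
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
srchIndexesAllowed = *;_*

[role_user]
srchIndexesAllowed = main

[role_power]
importRoles = user
srchIndexesAllowed = *

[role_soc_analyst]
importRoles = user
srchIndexesAllowed = main;_internal

[role_helpdesk]
importRoles = soc_analyst
"""

def index_allowed(index, patterns):
    """Splunk wildcard rule: '*' skips internal (underscore) indexes, '_*' matches them."""
    for pat in patterns:
        if index.startswith("_") and not pat.startswith("_"):
            continue
        if fnmatchcase(index, pat):
            return True
    return False

def roles_with_index(conf_text, index="_internal"):
    """Return sorted role names that can search `index`, following importRoles.
    srchIndexesDisallowed is not evaluated here, so the result may over-report."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # setting names are case-sensitive
    cp.read_string(conf_text)
    roles = {s[len("role_"):]: cp[s] for s in cp.sections() if s.startswith("role_")}

    def allowed(role, seen=()):
        if role not in roles or role in seen:  # unknown role or import cycle
            return []
        raw = roles[role].get("srchIndexesAllowed", "")
        pats = [p.strip() for p in raw.split(";") if p.strip()]
        for parent in roles[role].get("importRoles", "").split(";"):
            pats += allowed(parent.strip(), seen + (role,))
        return pats

    return sorted(r for r in roles if index_allowed(index, allowed(r)))
```

Any role returned here that is not meant for administrators is a candidate for review, since its members could read conf.log entries in _internal.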


Remediation

Install updates from the vendor's website.
