Main Vulnerability Database Vulnerabilities #VU126412

Improper access control in Splunk Enterprise - CVE-2026-20203

Published: April 17, 2026

Vulnerability identifier: #VU126412

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-20203

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Splunk Inc.

Affected software:
Splunk Enterprise

Detailed vulnerability description

The vulnerability allows a remote user to modify Data Model Acceleration settings.

The vulnerability exists due to improper access control in the REST API when handling requests to turn Data Model Acceleration on or off. A remote user can send a request to enable or disable Data Model Acceleration to modify Data Model Acceleration settings.

The issue requires write permission on the app, and the vulnerable user does not need the accelerate_datamodel capability or the admin or power Splunk roles.

How to mitigate CVE-2026-20203

Install security update from vendor's website.

Sources

https://advisory.splunk.com/advisories/SVD-2026-0402

Improper access control in Splunk Enterprise - CVE-2026-20203

Detailed vulnerability description

How to mitigate CVE-2026-20203

Sources

Please verify you're human