#VU126412 Improper access control in Splunk Enterprise - CVE-2026-20203

 


Published: April 17, 2026


Vulnerability identifier: #VU126412
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-20203
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Splunk Enterprise
Software vendor: Splunk Inc.

Description

The vulnerability allows a remote user to modify Data Model Acceleration settings.

The vulnerability exists due to improper access control in the REST API when handling requests to turn Data Model Acceleration on or off. A remote user can send a request that enables or disables Data Model Acceleration and thereby modify Data Model Acceleration settings.

Exploitation requires write permission on the app; the user does not need the accelerate_datamodel capability or the admin or power Splunk roles.


Remediation

Install the security update from the vendor's website.
