Main Vulnerability Database Vulnerabilities #VU132089

Input validation error in Splunk Enterprise - CVE-2026-20240

Published: May 21, 2026

Vulnerability identifier: #VU132089

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-20240

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Splunk Inc.

Affected software:
Splunk Enterprise

Detailed vulnerability description

The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to improper input validation in coldToFrozen.sh script in the splunk_archiver app when processing user-supplied file paths. A remote user can supply arbitrary file paths to rename critical Splunk directories to cause a denial of service.

Only users that do not hold the admin or power Splunk roles can exploit this issue, and instances that do not use the Splunk Archiver app are not impacted.

How to mitigate CVE-2026-20240

Install security update from vendor's website.

Sources

https://advisory.splunk.com/advisories/SVD-2026-0504

Input validation error in Splunk Enterprise - CVE-2026-20240

Detailed vulnerability description

How to mitigate CVE-2026-20240

Sources

Please verify you're human