Improper Output Neutralization for Logs in Splunk Security Orchestration, Automation and Response (SOAR) - CVE-2026-20260
Published: June 12, 2026
Splunk Security Orchestration, Automation and Response (SOAR)
Detailed vulnerability description
The vulnerability allows a remote attacker to inject ANSI escape codes into application log files.
The vulnerability exists due to improper output neutralization for logs in HTTP request path handling. A remote attacker can send a specially crafted request path to inject ANSI escape codes into application log files.
User interaction is required: an administrator must view the logs in a terminal emulator that interprets the injected escape codes.
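The class of fix this weakness calls for, shown as an added example that is not Splunk's code or patch: control characters in a request path are rewritten to a visible form before the path is logged, and stored log lines are scanned for raw ANSI sequences. The function names and the sample path are hypothetical and constructed for illustration.

```python
import re

# CSI (ESC [ ... final byte) and OSC (ESC ] ... BEL or ESC \) sequences.
ANSI_RE = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\))"
)


def neutralize_for_log(value: str) -> str:
    """Return value with backslashes doubled and every C0/C1 control
    character (ESC, CR, LF, DEL, 0x80-0x9f) written as a visible \\xNN."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch == "\\":
            # Double existing backslashes so the encoding stays unambiguous.
            out.append("\\\\")
        elif code < 0x20 or 0x7F <= code <= 0x9F:
            out.append(f"\\x{code:02x}")
        else:
            out.append(ch)
    return "".join(out)


def find_escape_sequences(line: str) -> list[str]:
    """List raw ANSI sequences already present in a stored log line."""
    return ANSI_RE.findall(line)


# Constructed sample: a request path carrying a colour-change sequence.
SAMPLE_PATH = "/status\x1b[31mtext\x1b[0m"
SAMPLE_LOG_LINE = f"GET {SAMPLE_PATH} 404"

if __name__ == "__main__":
    # What should be written to the log instead of the raw path.
    print(neutralize_for_log(SAMPLE_PATH))
    # Triage of an existing log line, printed in neutralized form.
    print([neutralize_for_log(s) for s in find_escape_sequences(SAMPLE_LOG_LINE)])
```

When reviewing logs that may already contain such sequences, a viewer that renders control characters visibly (for example `cat -v`) keeps the terminal from interpreting them.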