Splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*
- >= 10.0.0, <= 10.0.3
- >= 9.4.0, <= 9.4.8
- >= 9.3.0, <= 9.3.9
A remote command execution vulnerability has been identified in Splunk Enterprise and Splunk Cloud Platform. In Splunk Enterprise versions prior to 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as in Splunk Cloud Platform versions prior to 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, users with the high-privilege capability 'edit_cmd' can execute arbitrary shell commands. This is achieved by using the 'unarchive_cmd' parameter on the '/splunkd/__upload/indexing/preview' REST endpoint. The vulnerability arises from inadequate input sanitization when previewing uploaded files before they are indexed.
Exploitation of this vulnerability allows for arbitrary shell command execution on the server where Splunk is running.
Users can upgrade to Splunk Enterprise versions 10.2.0, 10.0.4, 9.4.9, 9.3.10 or to the respective fixed versions in Splunk Cloud Platform. If an immediate upgrade is not possible, the high-privilege capability 'edit_cmd' can be removed from the user's role.
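The two checks below are an added example for triaging this advisory; they are not Splunk's code and not part of the advisory text. The first compares a Splunk Enterprise version string against the affected ranges listed above. The second parses an authorize.conf-style text, resolves capabilities inherited through `importRoles`, and lists every role whose effective capabilities include `edit_cmd`, then applies the interim mitigation (dropping the capability from one role) and re-audits, which shows why a role that still inherits `edit_cmd` from another role stays exposed. The sample authorize.conf and the role names in it are constructed for the demonstration; on a real deployment the merged configuration (including Splunk's defaults) is what matters, so feed the script the output of `splunk btool authorize list --debug` or the REST roles listing rather than a single local file.

```python
"""Version-range and role-capability checks for the Splunk edit_cmd advisory.

Added example, not Splunk's code. Assumes a standard authorize.conf layout:
[role_<name>] stanzas, '<capability> = enabled' lines, and
'importRoles = a;b' for inheritance.
"""
import re

# Affected Splunk Enterprise ranges from the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ((9, 3, 0), (9, 3, 9)),
    ((9, 4, 0), (9, 4, 8)),
    ((10, 0, 0), (10, 0, 3)),
]


def parse_version(version):
    """Turn '9.4.8' into (9, 4, 8); shorter strings are padded with zeros."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True if a Splunk Enterprise version falls inside an affected range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def parse_authorize_conf(text):
    """Return {stanza_name: {key: value}} for a .conf-style text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1)
            stanzas[current] = {}
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def effective_capabilities(stanzas, role, _seen=None):
    """Capabilities granted directly to a role plus those inherited via importRoles."""
    if _seen is None:
        _seen = set()
    if role in _seen:          # guard against import cycles
        return set()
    _seen.add(role)
    stanza = stanzas.get("role_" + role, {})
    caps = {k for k, v in stanza.items() if v.lower() == "enabled"}
    for parent in stanza.get("importRoles", "").split(";"):
        if parent.strip():
            caps |= effective_capabilities(stanzas, parent.strip(), _seen)
    return caps


def roles_with_capability(stanzas, capability):
    """Sorted list of roles whose effective capabilities include `capability`."""
    roles = [name[len("role_"):] for name in stanzas if name.startswith("role_")]
    return sorted(r for r in roles if capability in effective_capabilities(stanzas, r))


def remove_capability(stanzas, role, capability):
    """Drop a directly granted capability from one role (the advisory's interim
    mitigation). Inherited grants are untouched, so re-run the audit afterwards."""
    return stanzas.get("role_" + role, {}).pop(capability, None) is not None


# Constructed sample; role names and grants are invented for the demo.
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
edit_cmd = enabled
edit_user = enabled

[role_power]
schedule_search = enabled

[role_ops_lead]
importRoles = admin;power

[role_analyst]
importRoles = power
edit_cmd = enabled
"""

if __name__ == "__main__":
    for v in ("9.3.9", "9.3.10", "9.4.8", "10.0.3", "10.0.4", "10.2.0"):
        print(v, "affected" if is_affected(v) else "not in an affected range")
    conf = parse_authorize_conf(SAMPLE_AUTHORIZE_CONF)
    print("roles with edit_cmd:", roles_with_capability(conf, "edit_cmd"))
    remove_capability(conf, "analyst", "edit_cmd")
    print("after removing it from analyst:", roles_with_capability(conf, "edit_cmd"))
```

In the sample, removing `edit_cmd` from `analyst` clears that role, but `ops_lead` keeps the capability because it imports `admin`; the mitigation is only complete once the effective capability set of every role that should not have it comes back empty.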