CVE-2026-20240

6.5 MEDIUM

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9...

Published: 2026-05-20 · Last updated: 2026-05-21

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20

Affected products

Vendor	Product
splunk	splunk, splunk_cloud_platform

Description

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-20240
[Vendor advisory]https://advisory.splunk.com/advisories/SVD-2026-0504

Related CVEs

Same vendor

CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, ... (7.5 HIGH)
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidentia... (6.5 MEDIUM)
CVE-2022-27782 — libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reu... (7.5 HIGH)
CVE-2022-27781 — libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.... (7.5 HIGH)
CVE-2022-27775 — An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the conn... (7.5 HIGH)

Same CWE

CVE-2026-49218 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
CVE-2024-21944 — Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a ... (5.3 MEDIUM)
CVE-2026-48110 — Russh is a Rust SSH client & server library (7.5 HIGH)
CVE-2026-48108 — Russh is a Rust SSH client & server library (5.3 MEDIUM)
CVE-2026-48107 — Russh is a Rust SSH client & server library (6.5 MEDIUM)