CVE-2026-20166

Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

Description

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.

INFO

Published Date :

2026-03-11T16:18:17.121Z

Last Modified :

2026-03-12T16:19:30.880Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2026-20166 vulnerability.

Vendors	Products
Splunk	Splunk Splunk Cloud Platform Splunk Enterprise

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20166.

URL	Resource
https://advisory.splunk.com/advisories/SVD-2026-0305

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact