Vulnerability Description
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 9.2.0, < 9.2.11 |
| Splunk | Splunk Cloud Platform | >= 9.3.2411, < 9.3.2411.120 |
Related Weaknesses (CWE)
References
- https://advisory.splunk.com/advisories/SVD-2026-0209Vendor Advisory
FAQ
What is CVE-2026-20144?
CVE-2026-20144 is a vulnerability with a CVSS score of 6.8 (MEDIUM). In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Sear...
How severe is CVE-2026-20144?
CVE-2026-20144 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-20144?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Splunk Cloud Platform.