{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20144", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.384Z", "datePublished": "2026-02-18T16:45:23.674Z", "dateUpdated": "2026-02-18T17:58:36.349Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "10.0", "status": "affected", "versionType": "custom", "lessThan": "10.0.2"}, {"version": "9.4", "status": "affected", "versionType": "custom", "lessThan": "9.4.7"}, {"version": "9.3", "status": "affected", "versionType": "custom", "lessThan": "9.3.8"}, {"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.11"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "10.1.2507", "status": "affected", "versionType": "custom", "lessThan": "10.1.2507.11"}, {"version": "10.0.2503", "status": "affected", "versionType": "custom", "lessThan": "10.0.2503.9"}, {"version": "9.3.2411", "status": "affected", "versionType": "custom", "lessThan": "9.3.2411.120"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured."}], "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0209"}], "title": "Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise", "datePublic": "2026-02-18T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "baseScore": 6.8, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.", "cweId": "CWE-532"}]}], "source": {"advisory": "SVD-2026-0209"}, "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-18T16:45:23.674Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T17:57:07.001523Z", "id": "CVE-2026-20144", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T17:58:36.349Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20144", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T17:57:07.001523Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T17:58:31.646Z"}}], "cna": {"title": "Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise", "source": {"advisory": "SVD-2026-0209"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "10.0", "lessThan": "10.0.2", "versionType": "custom"}, {"status": "affected", "version": "9.4", "lessThan": "9.4.7", "versionType": "custom"}, {"status": "affected", "version": "9.3", "lessThan": "9.3.8", "versionType": "custom"}, {"status": "affected", "version": "9.2", "lessThan": "9.2.11", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "10.1.2507", "lessThan": "10.1.2507.11", "versionType": "custom"}, {"status": "affected", "version": "10.0.2503", "lessThan": "10.0.2503.9", "versionType": "custom"}, {"status": "affected", "version": "9.3.2411", "lessThan": "9.3.2411.120", "versionType": "custom"}]}], "datePublic": "2026-02-18T00:00:00.000Z", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0209"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-532", "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information."}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-18T16:45:23.674Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20144", "state": "PUBLISHED", "dateUpdated": "2026-02-18T17:58:36.349Z", "dateReserved": "2025-10-08T11:59:15.384Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-02-18T16:45:23.674Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured."}], "id": "CVE-2026-20144", "lastModified": "2026-02-18T18:24:29.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-02-18T18:24:29.220", "references": [{"source": "psirt@cisco.com", "url": "https://advisory.splunk.com/advisories/SVD-2026-0209"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}