Multiple vulnerabilities in Splunk products, including Splunk Enterprise, Splunk Cloud Platform, and Splunk AI Toolkit, allow a remote attacker to trigger security restriction bypasses, information disclosure, and denial of service conditions. Affected versions include Splunk Enterprise below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, Splunk Cloud Platform below several specified versions, and Splunk AI Toolkit below 5.7.3. The vendor has issued fixes; administrators must apply the patches detailed in the provided advisories.
Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass and denial of service condition on the targeted system. Impact Security Restriction Bypass Information Disclosure Denial of Service System / Technologies affected Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11 and 9.3.12 Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.8, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13 and 9.3.2411.129 Splunk AI Toolkit versions below 5.7.3 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://advisory.splunk.com/advisories/SVD-2026-0502 https://advisory.splunk.com/advisories/SVD-2026-0503 https://advisory.splunk.com/advisories/SVD-2026-0504