
Splunk: CVE-2022-26889: Path Traversal in search parameter results in external content injection

Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
May 3, 2022
Added
Apr 7, 2025
Modified
Oct 8, 2025

Description

In Splunk Enterprise versions before 8.1.2, the URI path used to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based: an attacker cannot exploit it at will and must cause the victim's browser to issue the request (e.g., via phishing). The vulnerability impacts instances with Splunkweb enabled. See "Disable unnecessary Splunk Enterprise components" and web.conf for more information on disabling Splunkweb.
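The traversal pattern the description names (a relative resource path joined under a fixed base without bounding the result), as an added example that is not Splunk's code and does not reproduce the Splunk Web implementation: the naive join beside a bounded resolver, plus a small helper that flags query parameters carrying such values in captured request query strings. BASE, the function names and the sample inputs are assumptions chosen for illustration.

```python
"""Illustrative resolver for a relative-resource path parameter.

Added example: not Splunk's code. BASE, the function names and the
sample inputs are assumptions that show the general pattern the
advisory describes (a relative path joined under a fixed base) and
one way to bound it.
"""
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical directory under which relative resources are expected to live.
BASE = "/static/app/"


def naive_resource_path(rel: str) -> str:
    """The vulnerable pattern: concatenate and let the path resolve itself.

    Returns the normalized path the server would actually open; '..'
    components walk out of BASE. (Illustration only, not Splunk's code.)
    """
    return posixpath.normpath(BASE + unquote(rel))


def safe_resource_path(rel: str, base: str = BASE):
    """Resolve `rel` under `base`, or return None if it would escape.

    Rejected: scheme- or host-bearing references (http://..., //host/...)
    that would pull external content into the page, absolute paths, empty
    values, and any result whose normalized form lies outside `base`.
    The value is percent-decoded once; a doubly encoded '..' (%252e%252e)
    decodes to the literal text '%2e%2e', a harmless filename component.
    """
    decoded = unquote(rel).replace("\\", "/")
    if not decoded:
        return None
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc or decoded.startswith("/"):
        return None
    base_norm = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base_norm, decoded))
    # Prefix check with a trailing slash so '/static/application' does not
    # pass as being under '/static/app'.
    if not joined.startswith(base_norm + "/"):
        return None
    return joined


def suspicious_params(query_string: str) -> list:
    """Names of query parameters whose value would not resolve under BASE.

    Quick pass over a captured request query string. parse_qs decodes
    once and safe_resource_path decodes again, which is deliberate here:
    for detection, double-encoded '..' should be flagged too. Ordinary
    values such as an SPL search string stay unflagged.
    """
    flagged = []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        if any(v and safe_resource_path(v) is None for v in values):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample inputs, not captured Splunk requests.
    for rel in ("js/main.js", "../../etc/passwd", "//evil.example/x.js"):
        print(f"{rel!r}: naive={naive_resource_path(rel)!r} "
              f"safe={safe_resource_path(rel)!r}")
```

The scheme/host test is conservative: any value with a colon-delimited prefix that looks like a scheme (for example `index:main`) is rejected by the resolver and flagged by the detection helper, which is acceptable for a path parameter but would need loosening before being applied to free-text fields.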

Solution

splunk-upgrade-latest (upgrade Splunk Enterprise to 8.1.2 or later, the first version the description lists as not affected)
