vulnerability
Splunk: CVE-2024-36989: Low-privileged user could create notifications in Splunk Web Bulletin Messages
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:S/C:P/I:C/A:N) | Jul 1, 2024 | Apr 7, 2025 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:S/C:P/I:C/A:N)
Published
Jul 1, 2024
Added
Apr 7, 2025
Modified
Mar 25, 2026
Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.This could be the result of a lack of access control for using the Bulletin Messages system to send notifications.It may be possible for the notifications to contain Web links. This could result in administrators navigating to other Web pages or running searches unexpectedly.
Solution
splunk-upgrade-latest
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.