vulnerability
Splunk: CVE-2024-36990: Denial of Service (DoS) on the datamodel/web REST endpoint
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:N/A:C) | Jul 1, 2024 | Apr 7, 2025 | Oct 31, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published
Jul 1, 2024
Added
Apr 7, 2025
Modified
Oct 31, 2025
Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the “admin” or “power” Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.The DoS could result from a condition where a data model definition contains a cyclic dependency. That dependency could lead to an infinite loop, which leads to a stack overflow and the subsequent crash of the Splunk daemon.
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.