CVE-2026-20163 | Splunk Enterprise/Cloud Platform REST Endpoint preview unarchive_cmd command injection (SVD-2026-0302)

A vulnerability classified as critical has been found in Splunk Enterprise and Cloud Platform. Affected by this issue is some unknown functionality of the file /splunkd/__upload/indexing/preview of the component REST Endpoint. This manipulation of the argument unarchive_cmd causes command injection.

This vulnerability is handled as CVE-2026-20163. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More