CVE-2026-20164 | Splunk Enterprise/Cloud Platform REST API Endpoint conf-passwords Password information disclosure (SVD-2026-0303)

A vulnerability categorized as problematic has been discovered in Splunk Enterprise and Cloud Platform. The impacted element is an unknown function of the file /splunkd/__raw/servicesNS/-/-/configs/conf-passwords of the component REST API Endpoint. Such manipulation of the argument Password leads to information disclosure.

This vulnerability is documented as CVE-2026-20164. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More