Introduction
A low privileged Splunk user can turn the platform's own Dashboard Studio PDF export feature into an internal network scanner, reaching arbitrary services behind the firewall without needing admin or power role credentials. For organizations running Splunk as their primary SIEM, this means the security monitoring infrastructure itself becomes a potential pivot point for server side request forgery.
CVE-2026-20252 carries a CVSS 7.6 (High) rating and affects a broad range of Splunk Enterprise and Splunk Cloud Platform versions. What makes this vulnerability particularly interesting is its dual bypass mechanism: two independent flaws in domain validation logic that can each be exploited separately to circumvent the allowlist protecting the PDF export service. Splunk has published no workarounds, making version upgrade the sole official remediation.
Technical Information
Root Cause: Flawed Domain Validation in PDF Export
CVE-2026-20252 is classified under CWE-918 (Server-Side Request Forgery), a weakness category that OWASP elevated to its own Top 10 entry (A10) in 2021, noting 9,503 occurrences and 385 mapped CVEs at the time. The vulnerability sits in the Dashboard Studio PDF export feature within Splunk Web. When a user triggers a PDF export of a dashboard, the Splunk server initiates outbound HTTP requests to render the dashboard content. The server validates the target URL against an allowlist of trusted domains before making the request. However, the validation logic contains two distinct flaws that an attacker can exploit independently or in combination.
Bypass Mechanism 1: Prefix Match Allowlist Bypass
The trusted domain validation uses a prefix match rather than an exact domain match or proper suffix match. This means the server checks whether the requested URL's domain starts with a trusted domain string, rather than verifying that the domain is the trusted domain or a legitimate subdomain of it.
An attacker can register a domain where the trusted domain appears as a prefix. For example, if docs.splunk.com is on the allowlist, the attacker registers docs.splunk.com.evil.com. The prefix check sees that the string begins with docs.splunk.com and passes validation. The actual DNS resolution, however, resolves to the attacker's infrastructure at evil.com.
This is a well known class of URL validation error. Proper domain validation requires checking that the domain either exactly matches the allowlist entry or that the character immediately preceding the match is a dot (indicating a legitimate subdomain relationship), and that the match extends to the end of the domain string.
Bypass Mechanism 2: Redirect Following Without Re-Validation
The PDF export service follows HTTP 3xx redirect responses automatically. Critically, it does not re-validate each redirect target against the allowlist. This means an attacker who can place content at an initially allowed URL (or who combines this with the prefix match bypass) can issue a redirect to any arbitrary destination, including internal network addresses.
The server will follow the redirect and make a request to the new target without checking whether it is permitted. This effectively renders the allowlist meaningless for any URL that returns a redirect response.
Attack Flow
A practical exploitation sequence proceeds as follows:
-
An attacker authenticates to Splunk with a low privilege account (any role below "admin" or "power" is sufficient).
-
The attacker navigates to Dashboard Studio and initiates a PDF export, injecting a crafted URL into the export request. The URL is constructed to bypass the prefix match check, for example:
docs.splunk.com.evil.com. -
The Splunk server's domain validation logic performs a prefix match against the allowlist. The attacker's domain passes because it begins with the trusted string
docs.splunk.com. -
The Splunk server sends an HTTP request to the attacker controlled domain. The attacker's server responds with an HTTP 302 redirect pointing to an internal target, such as
http://169.254.169.254/latest/meta-data/(a cloud provider metadata endpoint) orhttp://internal-api:8080/admin/config. -
The PDF export service follows the redirect without re-validating the new destination against the allowlist. It retrieves the response from the internal service.
-
The response content, or information derived from it, becomes observable through the PDF export result or associated error messages, allowing the attacker to exfiltrate data from internal services that would otherwise be unreachable from their network position.
CVSS Vector Breakdown
The CVSSv3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L tells us several important things about the exploitability and impact:
| Component | Value | Meaning |
|---|---|---|
| Attack Vector | Network | Exploitable remotely over the network |
| Attack Complexity | Low | No special conditions or race conditions required |
| Privileges Required | Low | Any authenticated non-admin, non-power user |
| User Interaction | None | No victim action needed |
| Scope | Unchanged | Impact stays within the vulnerable component |
| Confidentiality | High | Attacker can read responses from internal services |
| Integrity | Low | Limited modification capability |
| Availability | Low | Limited disruption potential |
The High confidentiality rating is the most significant impact dimension. In enterprise Splunk deployments, the server typically has network access to numerous internal services for log collection and data ingestion. An SSRF from this position can reach services that are otherwise protected by network segmentation, including cloud metadata endpoints, internal APIs, and management interfaces.
The Paradox of SSRF in SIEM Infrastructure
The strategic significance of this vulnerability extends beyond a typical SSRF finding. Splunk servers, by design, occupy a privileged network position with broad connectivity to collect logs from across the enterprise. An SSRF vulnerability in the SIEM platform means the security monitoring tool itself becomes the attack vector. The server that is supposed to detect threats is being used to probe the internal network, creating a blind spot where the attacker's reconnaissance activity originates from a trusted source.
Affected Systems and Versions
The following table details all affected and fixed versions based on the Splunk advisory and NVD data:
| Product | Affected Version Range | Fixed Version |
|---|---|---|
| Splunk Enterprise | 10.2.0 through 10.2.3 | 10.2.4 |
| Splunk Enterprise | 10.0.0 through 10.0.6 | 10.0.7 |
| Splunk Enterprise | 9.4.0 through 9.4.11 | 9.4.12 |
| Splunk Enterprise | 9.3.0 through 9.3.12 | 9.3.13 |
| Splunk Enterprise | 10.4.0 | Not affected |
| Splunk Cloud Platform | Below 10.4.2604.3 | 10.4.2604.3 |
| Splunk Cloud Platform | Below 10.3.2512.12 | 10.3.2512.12 |
| Splunk Cloud Platform | Below 10.2.2510.14 | 10.2.2510.14 |
| Splunk Cloud Platform | Below 10.1.2507.22 | 10.1.2507.22 |
| Splunk Cloud Platform | Below 9.3.2411.132 | 9.3.2411.132 |
Splunk states it is "actively monitoring and patching Splunk Cloud Platform instances," so SaaS customers may already be protected. On premises customers bear full responsibility for upgrading.
The advisory explicitly notes that no workarounds or mitigations are available from Splunk. Organizations that cannot immediately upgrade should consider the following compensating controls:
Egress filtering: Restrict outbound HTTP/HTTPS traffic from the Splunk server to only explicitly required destinations. Block connections to cloud metadata endpoints (169.254.169.254), internal API services, and other sensitive internal addresses.
Proxy level redirect blocking: If the Splunk server routes PDF export requests through an outbound proxy, configure the proxy to strip or block HTTP 3xx redirect responses. This neutralizes the redirect based bypass but does not address the prefix match flaw.
Network segmentation: Ensure the Splunk server sits on a network segment with minimal access to sensitive internal services, limiting the blast radius of any SSRF exploitation.
RBAC restriction of PDF export: Consider restricting the Dashboard Studio PDF export feature to users holding the "admin" or "power" roles only, since the vulnerability specifically requires a non-admin, non-power user. This approach is not documented in the official advisory and should be tested before deployment.
Monitoring: Watch for anomalous outbound HTTP connections originating from the Splunk server process, particularly those targeting internal IP ranges, metadata endpoints, or domains with suspicious subdomain patterns such as *.splunk.com.evil.com.
Vendor Security History
CVE-2026-20252 fits into a recurring pattern of SSRF vulnerabilities in Splunk products. This is at least the third such disclosure:
-
CVE-2023-22936: An SSRF vulnerability affecting authenticated users in Splunk Enterprise.
-
CVE-2025-20371: A blind SSRF through Distributed Search Peers in Splunk Enterprise, allowing the server to send requests to unintended destinations.
-
CVE-2026-20252: The current SSRF through Dashboard Studio PDF export, featuring two distinct bypass mechanisms.
Each of these vulnerabilities targets a different Splunk feature (general authenticated endpoints, Distributed Search Peers, Dashboard Studio PDF export), which suggests the root cause is not a single code path but rather an architectural pattern of insufficient URL and redirect validation across the codebase.
Beyond SSRF, the Splunk advisory archive reveals a steady cadence of security disclosures across multiple vulnerability classes. Recent 2026 advisories include denial of service through coldToFrozen.sh (CVE-2026-20240), sensitive information disclosure through log files (CVE-2026-20239), improper access control through role inheritance (CVE-2026-20238), and information disclosure in the _internal index (CVE-2026-20205). Splunk also publishes a substantial volume of third party package update advisories, indicating active monitoring of supply chain dependencies.
Since Cisco's acquisition of Splunk closed in 2024, vulnerability disclosures now flow through Cisco's Product Security Incident Response Team (PSIRT), as confirmed by the [email protected] source identifier on this CVE.
Threat Intelligence Context
As of the disclosure date (June 10, 2026), there is no publicly available evidence that CVE-2026-20252 is being actively exploited in the wild. The vulnerability was responsibly disclosed by researcher M Mahdan Argya Syarif (0xbeludan) through coordinated disclosure, rather than being discovered as a zero day under active attack. No CISA KEV catalog entries, threat intelligence reports, or security vendor alerts were found indicating in the wild exploitation.
However, several factors suggest the window between disclosure and potential weaponization could be narrow:
The attack complexity is rated Low, and the prefix match bypass is straightforward to construct (register a domain like trusted-domain.attacker.com). Redirect based SSRF exploitation is a well documented technique with extensive public tooling and documentation.
Splunk deployments are high value targets. They typically contain sensitive security logs, compliance data, and operational telemetry. A successful SSRF from a Splunk server provides access to internal services from a network position that is often broadly trusted.
The existence of two prior Splunk SSRF vulnerabilities means that researchers and threat actors have already studied Splunk's URL handling patterns, potentially lowering the barrier to developing exploits for this new variant.
No specific threat actors or APT groups have been linked to this CVE. No proof of concept exploit code has been publicly identified at this time.
References
- NVD Entry for CVE-2026-20252
- SVD-2026-0602: Splunk Vulnerability Disclosure Advisory
- Splunk Security Advisories Portal
- Splunk Security Advisories Archive
- CWE-918: Server-Side Request Forgery (SSRF)
- OWASP Top 10:2021 A10 Server-Side Request Forgery
- SVD-2025-1207: Blind SSRF through Distributed Search Peers
- CVE-2025-20371: Splunk Blind SSRF Summary (ZeroPath)
- CVE-2025-20371: Splunk Enterprise SSRF Vulnerability (SentinelOne)
- Splunk Named #1 SIEM Provider (IDC 2022 Market Share)
- Cisco to Acquire Splunk Announcement
- PortSwigger: What is SSRF?
- Splunk Security Advisories Notification Portal



