In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
Project Subscriptions
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://advisory.splunk.com/advisories/SVD-2026-0703 |
|
History
Thu, 16 Jul 2026 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Splunk
Splunk splunk Cloud Platform Splunk splunk Enterprise |
|
| Vendors & Products |
Splunk
Splunk splunk Cloud Platform Splunk splunk Enterprise |
Wed, 15 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory. | |
| Title | Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2026-07-15T18:10:35.679Z
Reserved: 2025-10-08T11:59:15.407Z
Link: CVE-2026-20297
Updated: 2026-07-15T18:10:31.975Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T01:00:04Z
Weaknesses