CVE-2026-20202 - Vulnerability Details - OpenCVE

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2026-0401

History

Wed, 15 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.
Title		Improper Input Validation during User Account Creation in Splunk Enterprise
Weaknesses		CWE-176
References		https://advisory.splunk.com/advisories/SVD-2026-0401
Metrics		cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-04-15T15:17:43.871Z

Updated: 2026-04-15T15:17:43.871Z

Reserved: 2025-10-08T11:59:15.397Z

Link: CVE-2026-20202

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-15T16:16:34.120

Modified: 2026-04-15T16:16:34.120

Link: CVE-2026-20202

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20202", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.397Z", "datePublished": "2026-04-15T15:17:43.871Z", "dateUpdated": "2026-04-15T15:17:43.871Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "10.2", "status": "affected", "versionType": "custom", "lessThan": "10.2.2"}, {"version": "10.0", "status": "affected", "versionType": "custom", "lessThan": "10.0.5"}, {"version": "9.4", "status": "affected", "versionType": "custom", "lessThan": "9.4.10"}, {"version": "9.3", "status": "affected", "versionType": "custom", "lessThan": "9.3.11"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "10.4.2603", "status": "affected", "versionType": "custom", "lessThan": "Not Affected"}, {"version": "10.3.2512", "status": "affected", "versionType": "custom", "lessThan": "10.3.2512.6"}, {"version": "10.2.2510", "status": "affected", "versionType": "custom", "lessThan": "10.2.2510.10"}, {"version": "10.1.2507", "status": "affected", "versionType": "custom", "lessThan": "10.1.2507.20"}, {"version": "10.0.2503", "status": "affected", "versionType": "custom", "lessThan": "10.0.2503.13"}, {"version": "9.3.2411", "status": "affected", "versionType": "custom", "lessThan": "9.3.2411.127"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users."}], "value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0401"}], "title": "Improper Input Validation during User Account Creation in Splunk Enterprise", "datePublic": "2026-04-15T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "baseScore": 6.6, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not properly handle when an input contains Unicode encoding.", "cweId": "CWE-176"}]}], "source": {"advisory": "SVD-2026-0401"}, "credits": [{"lang": "en", "value": "Ryan Luke<br><br>Mahfujur Rahman (mahfujwhh)"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T15:17:43.871Z"}}}}