=====================================================================
                             CERT-Renater

                 Information Note No. 2026/VULN300
_____________________________________________________________________

DATE                 : 13/03/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Splunk AppDynamics products,
                       Splunk Enterprise versions prior to 10.2.1, 10.0.4, 9.4.9, 9.3.10,
                       Splunk Cloud Platform versions prior to 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, 9.3.2411.124,
                       Splunk Observability Cloud app for Splunk Enterprise versions prior to 10.2.2510.5, 10.1.2507.16, 10.0.2503.12.

=====================================================================
https://advisory.splunk.com/advisories/SVD-2026-0312
https://advisory.splunk.com/advisories/SVD-2026-0311
https://advisory.splunk.com/advisories/SVD-2026-0309
https://advisory.splunk.com/advisories/SVD-2026-0307
https://advisory.splunk.com/advisories/SVD-2026-0306
https://advisory.splunk.com/advisories/SVD-2026-0313
https://advisory.splunk.com/advisories/SVD-2026-0310
https://advisory.splunk.com/advisories/SVD-2026-0308
https://advisory.splunk.com/advisories/SVD-2026-0302
https://advisory.splunk.com/advisories/SVD-2026-0301
https://advisory.splunk.com/advisories/SVD-2026-0303
https://advisory.splunk.com/advisories/SVD-2026-0304
https://advisory.splunk.com/advisories/SVD-2026-0305
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Database Agent - March 2026

Advisory ID: SVD-2026-0312
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Database Agent version 26.1.0, and higher, including the following:

Package | Remediation | CVE | Severity
openjdk [1] | Upgraded | Multiple | High
mssql-jdbc | Upgraded to version 10.2.4.jre11 | CVE-2025-59250 | High
netty | Upgraded to version 4.1.129 | CVE-2025-67735 | Medium
apache-log4j | Upgraded to version 2.25.3 | CVE-2025-68161 | Medium
msal4j [2] | Upgraded | Multiple | High
commons-logging [3] | Upgraded | Multiple | Critical
oauth2-oidc-sdk [4] | Upgraded | Multiple | High

[1] Upgraded openjdk from version 17.0.16 to version 17.0.18 to remedy CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-53066, CVE-2025-53057, and CVE-2025-30754.
[2] Upgraded msal4j from version 1.10.1 to version 1.23.1, which removed the transitive dependency jackson-databind to remedy CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, and CVE-2020-36518.
[3] Upgraded commons-logging from version 1.2 to version 1.3.5, which updated the transitive dependency log4j to the fixed version 2.24.3 to remedy CVE-2022-23307, CVE-2019-17571, CVE-2023-26464, CVE-2022-23305, and CVE-2022-23302.
[4] Upgraded oauth2-oidc-sdk from version 9.20 to 11.30.1, which updated the transitive Bouncy Castle dependencies to version 1.83 to remediate CVE-2025-8916, CVE-2024-30171, CVE-2024-29857, CVE-2023-33201, and CVE-2023-33202, and updated the transitive nimbus-jose-jwt dependencies to version 10.8 to remediate CVE-2023-52428 and CVE-2025-53864.

Solution

Upgrade Splunk AppDynamics Database Agent to version 26.1.0 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics Database Agent | 26.1 | Below 26.1.0 | 26.1.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics NodeJS Agent - March 2026

Advisory ID: SVD-2026-0311
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics NodeJS Agent version 25.12.1, and higher, including the following:

Package | Remediation | CVE | Severity
busybox [1] | Upgraded | Multiple | Low
curl | Upgraded to version 7.76.1-35 | CVE-2025-9086 | High
expat | Upgraded to version 2.5.0-5 | CVE-2025-59375 | High
glib | Upgraded to version 2.68.4-18 | CVE-2025-13601 | High
gnupg | Upgraded to version 2.3.3-5 | CVE-2025-68973 | High
iputils | Upgraded to version 20210202-15 | CVE-2025-48964 | Medium
libxml2 | Upgraded to version 2.9.13-14 | CVE-2025-9714 | Medium
openssl [2] | Upgraded | Multiple | Critical
python [3] | Upgraded | Multiple | Medium
qs [4] | Upgraded | Multiple | High
rpm [5] | Upgraded | Multiple | Medium
shadow / shadow-utils | Upgraded to version 4.9-15 | CVE-2024-56433 | Low
sqlite | Upgraded to version 3.34.1-9 | CVE-2025-6965 | Critical
systemd | Upgraded to version 252-55 | CVE-2025-4598 | Medium
tar [6] | Upgraded | Multiple | High
util-linux | Upgraded to version 2.37.4-21 | CVE-2025-14104 | Medium
vim [7] | Upgraded | Multiple | Medium

[1] Upgraded busybox from version 1.37.0-r19 to version 1.37.0-r30 to remedy CVE-2025-46394 and CVE-2024-58251.
[2] Upgraded openssl from version 3.5.2 to version 3.5.5 to remedy CVE-2025-15467, CVE-2025-9230, CVE-2025-69420, CVE-2025-69421, CVE-2025-69419, CVE-2025-9231, CVE-2025-11187, CVE-2025-15468, CVE-2025-66199, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, and CVE-2025-69418.
[3] Upgraded python from version 3.9.21-2 to version 3.9.25-3 to remedy CVE-2024-5642, CVE-2025-12084, CVE-2025-6075, CVE-2025-8291, and CVE-2025-6069.
[4] Upgraded qs to version 6.14.2 to remedy CVE-2026-2391 and CVE-2025-15284.
[5] Upgraded rpm from version 4.16.1.3-37 to version 4.16.1.3-39 to remedy CVE-2021-35939, CVE-2021-35938, and CVE-2021-35937.
[6] Upgraded tar from version 7.4.3 to version 7.5.7 to remedy CVE-2026-23745, CVE-2026-24842, and CVE-2026-23950. The NodeJS Agent is not impacted by CVE-2025-45582 or any other GNU Tar-related CVEs.
[7] Upgraded vim from version 8.2.2637-22 to version 8.2.2637-23 to remedy CVE-2025-53905 and CVE-2025-53906.

Solution

Upgrade Splunk AppDynamics NodeJS Agent to version 25.12.1 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics NodeJS Agent | 25.12 | Below 25.12.1 | 25.12.1

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent - March 2026

Advisory ID: SVD-2026-0309
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Private Synthetic Agent version 26.1.0, and higher, including the following:

Package | Remediation | CVE | Severity
glib [1] | Upgraded | Multiple | Critical
openexr [2] | Removed | Multiple | Critical
systemd [3] | Removed | Multiple | High
chromium [4] | Upgraded | Multiple | High
ffmpeg [5] | Upgraded | Multiple | High
gnutls [6] | Upgraded | Multiple | High
openssl [7] | Upgraded | CVE-2025-9230 | High
crossbeam-channel | Upgraded to version 0.5.15 | CVE-2025-4574 | Medium
c-ares | Upgraded to version 1.34.6 | CVE-2025-62408 | Medium
libssh | Upgraded to version 0.11.3 | CVE-2025-8114 | Medium

[1] Upgraded glib from version 2.84.4 to version 2.86.3 to remedy CVE-2025-13601, CVE-2025-14087, and CVE-2025-14512.
[2] Removed openexr to remedy CVE-2025-12495, CVE-2025-12839, CVE-2025-12840, CVE-2025-48071, CVE-2025-48072, CVE-2025-48073, CVE-2025-48074, CVE-2025-64181, CVE-2025-64182, CVE-2025-64183, and CVE-2026-26981.
[3] Removed systemd to remedy CVE-2012-0871, CVE-2013-4327, CVE-2013-4391, CVE-2013-4392, CVE-2013-4393, CVE-2013-4394, CVE-2016-7795, CVE-2017-18078, CVE-2017-9217, CVE-2018-1049, CVE-2018-15686, CVE-2018-15688, CVE-2018-16864, CVE-2018-16865, CVE-2018-16888, CVE-2018-6954, CVE-2019-20386, CVE-2019-3842, CVE-2019-3843, CVE-2019-3844, CVE-2020-13776, CVE-2020-1712, CVE-2021-33910, CVE-2022-3821, CVE-2023-26604, and CVE-2025-4598.
[4] Upgraded chromium from version 140.0.7339.207 to version 143.0.7499.40 to remedy CVE-2025-11205, CVE-2025-11206, CVE-2025-11207, CVE-2025-11208, CVE-2025-11209, CVE-2025-11210, CVE-2025-11211, CVE-2025-11212, CVE-2025-11213, CVE-2025-11215, CVE-2025-11216, CVE-2025-11219, CVE-2025-11458, CVE-2025-11460, CVE-2025-11756, CVE-2025-12036, CVE-2025-12428, CVE-2025-12429, CVE-2025-12430, CVE-2025-12431, CVE-2025-12432, CVE-2025-12433, CVE-2025-12434, CVE-2025-12435, CVE-2025-12436, CVE-2025-12437, CVE-2025-12438, CVE-2025-12439, CVE-2025-12440, CVE-2025-12441, CVE-2025-12443, CVE-2025-12444, CVE-2025-12445, CVE-2025-12446, CVE-2025-12447, CVE-2025-12725, CVE-2025-12726, CVE-2025-12727, CVE-2025-12728, CVE-2025-12729, CVE-2025-13042, CVE-2025-13223, CVE-2025-13224, CVE-2025-13226, CVE-2025-13227, CVE-2025-13228, CVE-2025-13229, and CVE-2025-13230.
[5] Upgraded ffmpeg from version 6.1.2 to version 8.0.1 to remedy CVE-2023-49501, CVE-2023-6601, CVE-2023-6602, CVE-2023-6604, CVE-2023-6605, CVE-2025-0518, CVE-2025-10256, CVE-2025-1594, CVE-2025-22919, CVE-2025-59729, CVE-2025-59730, and CVE-2025-9951.
[6] Upgraded gnutls from version 3.8.8 to version 3.8.11 to remedy CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395, and CVE-2025-9820.
[7] Upgraded multiple instances to the fixed versions - 1.1.1zd / 3.0.18 / 3.5.4, in order to remediate the CVE.

Solution

Upgrade Splunk AppDynamics Private Synthetic Agent to version 26.1.0 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics Private Synthetic Agent | 26.1 | Below 26.1.0 | 26.1.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics On-Premises Enterprise Console - March 2026

Advisory ID: SVD-2026-0307
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics On-Premises Enterprise Console version 26.1.1, and higher, including the following:

Package | Remediation | CVE | Severity
tomcat [1] | Updated | Multiple | Critical
golang [2] | Upgraded | Multiple | High
gstreamer [3] | Upgraded | Multiple | High
curl [4] | Upgraded | Multiple | High
openssl [5] | Upgraded | Multiple | High
nodemailer [6] | Upgraded | Multiple | High
glib [7] | Upgraded | Multiple | High
jose4j | Upgraded to version 0.9.6 | CVE-2024-29371 | High
aws-java-sdk-s3 | Upgraded to version 1.12.261 | CVE-2022-31159 | Medium
bouncycastle-fips | Upgraded to version 2.0.1 | CVE-2025-8885 | Medium
jsch | Upgraded to version 2.27.2 | CVE-2023-48795 | Medium
nimbus-jose-jwt | Upgraded to version 9.37.4 | CVE-2025-53864 | Medium
groovy | Upgraded to version 2.4.21 | CVE-2020-17521 | Medium
libarchive | Upgraded to version 3.8.2 | CVE-2025-60753 | Medium
netty-codec-smtp | Upgraded to version 4.2.7 | CVE-2025-59419 | Medium
js-yaml | Upgraded to version 4.1.1 | CVE-2025-64718 | Medium
mysql [8] | Upgraded | Multiple | Medium
angular [9] | Upgraded | Multiple | High

[1] Moved to a fixed version - 9.0.111, and removed other tomcat instances to remediate CVE-2025-24813, CVE-2024-52316, CVE-2025-31651, CVE-2024-50379, CVE-2024-56337, CVE-2025-55754, CVE-2025-48988, CVE-2024-23672, CVE-2025-55752, CVE-2024-34750, CVE-2024-38286, CVE-2025-52520, CVE-2025-49125, CVE-2024-24549, CVE-2025-48989, CVE-2023-44487, CVE-2025-53506,
CVE-2025-46701, CVE-2025-55668, CVE-2024-54677, and CVE-2025-61795.
[2] Upgraded golang from version 1.25.0 to version 1.25.3 to remedy CVE-2025-58187, CVE-2025-61725, CVE-2025-61723, CVE-2025-58188, CVE-2025-47910, CVE-2025-58189, CVE-2025-61724, CVE-2025-58186, CVE-2025-47912, CVE-2025-58185, and CVE-2025-58183.
[3] Upgraded gstreamer from version 1.24.10 to version 1.26.5 to remedy CVE-2025-3887, CVE-2025-2759, CVE-2025-47808, CVE-2025-47807, CVE-2025-47806, and CVE-2025-47183.
[4] Upgraded curl from version 8.14.1 to version 8.17.0 to remedy CVE-2025-9086, CVE-2025-10148, and CVE-2025-10966.
[5] Upgraded multiple OpenSSL instances to versions 3.0.18 and 3.5.4 to remedy CVE-2025-9230 and CVE-2025-9232.
[6] Upgraded nodemailer from version 6.8.0 to version 7.0.11 to remedy CVE-2025-13033 and CVE-2025-14874.
[7] Upgraded glib from version 2.82.4 to version 2.84.3 to remedy CVE-2025-4056 and CVE-2025-3360.
[8] Upgraded mysql from version 8.0.43 to version 8.0.45 to remedy CVE-2025-53040, CVE-2025-53042, CVE-2025-53044, CVE-2025-53045, CVE-2025-53053, CVE-2025-53054, CVE-2025-53062, and CVE-2025-53069.
[9] Upgraded angular from version 1.9.3 to version 1.9.11 to remedy CVE-2024-21490, CVE-2023-26118, CVE-2025-0716, CVE-2024-8373, and CVE-2024-8372.

Solution

Upgrade Splunk AppDynamics On-Premises Enterprise Console to version 26.1.1 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics On-Premises Enterprise Console | 26.1 | Below 26.1.1 | 26.1.1

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk Enterprise - March 2026

Advisory ID: SVD-2026-0306
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 10.2.1, 10.0.4, 9.4.9, 9.3.10, and higher.

Package | Remediation | CVE | Severity
golang/x/oauth2 [1] | Upgraded golang/x/oauth2 in `opamp-svc` sidecar binary to version 0.27.0 | CVE-2025-22868 | High
requests [2] | Upgraded requests to version 2.32.5 | CVE-2024-47081 | Medium
golang [3] | Upgraded golang in `splunksup` binary to Go compiler version go1.24.11 | Multiple | High
golang.org/x/crypto [4] | Upgraded golang crypto in `splunksup` binary to version 0.45.0 | Multiple | High
golang.org/x/net [5] | Upgraded golang net in `splunksup` binary to version 0.47.0 | Multiple | High
golang [6] | Upgraded golang in `identity` binary to Go compiler version go1.24.11 | Multiple | High
golang.org/x/crypto [7] | Upgraded golang crypto in `identity` binary to version 0.45.0 | Multiple | High
golang.org/x/net [8] | Upgraded golang net in `identity` binary to version 0.47.0 | Multiple | High
golang.org/grpc [9] | Upgraded golang grpc in `identity` binary to version 1.74.2 | CVE-2024-7246 | Medium
github.com/golang-jwt/jwt/v4 [10] | Upgraded golang-jwt in `identity` binary to version 4.5.2 | Multiple | High
golang [11] | Upgraded golang in `splunk-edge` binary to Go compiler version go1.24.11 | Multiple | High
golang.org/x/crypto [12] | Upgraded golang crypto in `splunk-edge` binary to version 0.45.0 | Multiple | High
golang.org/x/net [13] | Upgraded golang net in `splunk-edge` binary to version 0.47.0 | Multiple | High
cloudflare/circl [14] | Upgraded cloudflare/circl in `splunk-edge` binary to version 1.6.1 | CVE-2025-8556 | Low
kin-openapi [15] | Upgraded kin-openapi to version 0.131.0 | CVE-2025-30153 | High
golang-jwt [16] | Upgraded golang-jwt to version 5.2.2 | CVE-2025-30204 | High
protobuf [17] | Upgraded protobuf to version 4.25.8 | CVE-2025-4565 | High
aiohttp [18] | Upgraded aiohttp to version 3.13.3 | Multiple | High
azure-core [19] | Upgraded azure-core to version 1.38.0 | Multiple | High

[1] Upgraded golang to version 0.27.0 at $SPLUNK_HOME/opt/packages/opamp-svc to remedy CVE-2025-22868 in Splunk Enterprise version 10.0.4. Splunk Enterprise version 10.2.x uses version 0.30.0. The opamp-svc sidecar binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[2] Upgraded requests to version 2.32.5 to remedy CVE-2024-47081 in Splunk Enterprise at $SPLUNK_HOME/lib/python3.7/site-packages/requests-2.31.0.dist-info/METADATA.
[3] Upgraded golang in splunksup binary to Go compiler version go1.24.11 to remedy CVE-2025-0913, CVE-2025-22871, CVE-2025-22874, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725 at $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunksup/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunksup binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[4] Upgraded golang crypto in splunksup binary to version 0.45.0 to remedy CVE-2025-47913, CVE-2025-47914, CVE-2025-58181 at $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunksup/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunksup binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[5] Upgraded golang net in splunksup binary to version 0.47.0 to remedy CVE-2025-22870 and CVE-2025-22872 at $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunksup/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunksup binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[6] Upgraded golang in identity binary to Go compiler version go1.24.11 to remedy CVE-2025-0913, CVE-2025-22871, CVE-2025-22874, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725 at $SPLUNK_HOME/opt/packages/identity.
[7] Upgraded golang crypto in identity binary to version 0.45.0 to remedy CVE-2025-47913, CVE-2025-47914, CVE-2025-58181 at $SPLUNK_HOME/opt/packages/identity.
[8] Upgraded golang net in identity binary to version 0.47.0 to remedy CVE-2025-22870 and CVE-2025-22872 at $SPLUNK_HOME/opt/packages/identity.
[9] Upgraded golang grpc-go in identity binary to version 1.74.2 to remedy CVE-2024-7246 at $SPLUNK_HOME/opt/packages/identity.
[10] Upgraded golang-jwt in identity binary to version 4.5.2 to remedy CVE-2024-51744 and CVE-2025-30204 at $SPLUNK_HOME/opt/packages/identity.
[11] Upgraded golang in splunk-edge binary to Go compiler version go1.24.11 to remedy CVE-2025-0913, CVE-2025-22871, CVE-2025-22874, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725 at $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunk-edge/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunk-edge binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[12] Upgraded golang crypto in splunk-edge binary to version 0.45.0 to remedy CVE-2025-47913, CVE-2025-47914, $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunk-edge/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunk-edge binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[13] Upgraded golang net in splunk-edge binary to version 0.47.0 to remedy CVE-2025-22870 and CVE-2025-22872 at $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunk-edge/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunk-edge binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[14] Upgraded cloudflare/circl in splunk-edge binary to version 1.6.1 to remedy CVE-2025-8556 at $SPLUNK_HOME/etc/apps/splunk_pipeline_builders/binaries/splunk-edge/ in Splunk Enterprise versions 10.0.4 and 10.2.1. The splunk-edge binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[15] Upgraded kin-openapi to version 0.131.0 to remedy CVE-2025-30153 at $SPLUNK_HOME/opt/packages/cmp-orchestrator in Splunk Enterprise version 10.0.4. Splunk Enterprise version 10.2.x is not affected. cmp-orchestrator is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[16] Upgraded golang-jwt to version 5.2.2 to remedy CVE-2025-30204 at $SPLUNK_HOME/opt/packages/cmp-orchestrator in Splunk Enterprise version 10.0.4 and 10.2.1. cmp-orchestrator is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[17] Upgraded protobuf to version 4.25.8 to remedy CVE-2025-4565 at $SPLUNK_HOME/lib/python3.9/site-packages in Splunk Enterprise version 10.0.4. Splunk Enterprise version 10.2.x is not affected. Protobuf is not present in Splunk Enterprise version 9.4.x and 9.3.x.
[18] Upgraded aiohttp to version 3.13.3 in Splunk Secure Gateway app to remedy CVE-2025-69224, CVE-2025-69225, CVE-2025-69230, CVE-2025-69223, CVE-2025-69228, CVE-2025-69227, CVE-2025-69229, CVE-2025-69226. Fixed in Splunk Enterprise versions 10.0.4, 9.4.9, and 9.3.10, and Splunk Secure Gateway app versions 3.10.2, 3.9.16, and 3.8.63.
[19] Upgraded azure-core to version 1.38.0 in Splunk Enterprise to remedy CVE-2026-21226.

Solution

Upgrade Splunk Enterprise to versions 10.2.1, 10.0.4, 9.4.9, 9.3.10, or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk Enterprise | 10.2 | Below 10.2.1 | 10.2.1
Splunk Enterprise | 10.0 | 10.0.0 to 10.0.3 | 10.0.4
Splunk Enterprise | 9.4 | 9.4.0 to 9.4.8 | 9.4.9
Splunk Enterprise | 9.3 | 9.3.0 to 9.3.9 | 9.3.10

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Analytics Agent - March 2026

Advisory ID: SVD-2026-0313
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Analytics Agent version 26.1.0, and higher, including the following:

Package | Remediation | CVE | Severity
netty / netty-codec / netty-codec-http [1] | Upgraded | Multiple | High
aws-java-sdk-s3 | Upgraded to version 1.12.261 | CVE-2022-31159 | Medium
bouncycastle-fips | Upgraded to version 1.0.2.6 | CVE-2025-8885 | Medium
elasticsearch | Upgraded to version 8.19.5 | CVE-2025-37727 | Medium
groovy | Upgraded to version 2.4.21 | CVE-2020-17521 | Medium

[1] Upgraded the netty, netty-codec and netty-codec-http packages, from version 4.1.118 to version 4.1.126 to remedy CVE-2025-55163, CVE-2025-58056, and CVE-2025-58057.

Solution

Upgrade Splunk AppDynamics Analytics Agent to version 26.1.0 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics Analytics Agent | 26.1 | Below 26.1.0 | 26.1.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Java Agent - March 2026

Advisory ID: SVD-2026-0310
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Java Agent version 26.1.0, and higher, including the following:

Package | Remediation | CVE | Severity
apache-log4j | Upgraded to version 2.25.3 | CVE-2025-68161 | Medium
gnupg | Upgraded to version 2.3.3-5 | CVE-2025-68973 | High

Solution

Upgrade Splunk AppDynamics Java Agent to version 26.1.0 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics Java Agent | 26.1 | Below 26.1.0 | 26.1.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Machine Agent - March 2026

Advisory ID: SVD-2026-0308
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Machine Agent version 26.1.0, and higher, including the following:

Package | Remediation | CVE | Severity
apache-log4j | Upgraded to version 2.25.3 | CVE-2025-68161 | Medium
curl | Upgraded to version 8.17.0 | CVE-2025-9086 | High
logback-core | Upgraded to version 1.5.19 | CVE-2025-11226 | Medium
netty | Upgraded to version 4.1.129 | CVE-2025-67735 | Medium
netty-codec-smtp | Upgraded to version 4.1.129 | CVE-2025-59419 | Medium
openssl | Upgraded to version 3.0.18 | CVE-2025-9230 | High
python [1] | Upgraded | Multiple | Medium
openjdk [2] | Upgraded | Multiple | High

[1] Upgraded python from version 3.9.23-2 to version 3.9.25-3 to remedy CVE-2024-5642, CVE-2025-12084, CVE-2025-6075, CVE-2025-6069, and CVE-2025-8291.
[2] Upgraded openjdk from version 17.0.17 to version 17.0.18 to remedy CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21925.

Solution

Upgrade Splunk AppDynamics Machine Agent to version 26.1.0 or higher.

Product Status

Product | Base Version | Affected Version | Fix Version
Splunk AppDynamics Machine Agent | 26.1 | Below 26.1.0 | 26.1.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

Advisory ID: SVD-2026-0302
CVE ID: CVE-2026-20163
Published: 2026-03-11
Last Update: 2026-03-11
CVSSv3.1 Score: 8.0, High
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77
Bug ID: VULN-17049

Description

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability edit_cmd could execute arbitrary shell commands using the unarchive_cmd parameter for the /splunkd/__upload/indexing/preview REST endpoint. This occurs because of insufficient input sanitization when previewing uploaded files before indexing them.

See Define roles on the Splunk platform with capabilities and props.conf for more information.

Solution

Upgrade Splunk Enterprise to versions 10.2.0, 10.0.4, 9.4.9, 9.3.10, or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.
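
Exposure to CVE-2026-20163 depends on which roles contain edit_cmd, including roles that only inherit it. The following added example (not code from Splunk or CERT-Renater) lists the roles that hold edit_cmd directly or through importRoles in a merged authorize.conf, and names the stanza that actually grants it. The sample configuration is constructed, and treating only the value "enabled" as a grant is an assumption of this example.

```python
"""Audit which Splunk roles effectively hold a capability such as edit_cmd."""
import re

# Role stanzas in authorize.conf are named [role_<name>].
ROLE_STANZA = re.compile(r"^\[role_(?P<name>[^\]]+)\]\s*$")

# Constructed sample input, standing in for a merged authorize.conf.
SAMPLE_AUTHORIZE_CONF = """
# constructed sample, not taken from a real deployment
[role_user]
search = enabled

[role_power]
importRoles = user
schedule_search = enabled

[role_admin]
importRoles = power;user
edit_cmd = enabled

[role_data_onboarding]
# custom role that never names edit_cmd but imports admin
importRoles = admin
srchIndexesAllowed = main

[role_loop_a]
importRoles = loop_b

[role_loop_b]
importRoles = loop_a
"""


def parse_roles(conf_text):
    """Return {role: {"caps": set, "imports": list}} from authorize.conf text."""
    roles, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            match = ROLE_STANZA.match(line)
            # Non-role stanzas (for example [capability::...]) are skipped.
            current = None
            if match:
                current = roles.setdefault(
                    match.group("name"), {"caps": set(), "imports": []}
                )
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "importRoles":
            # importRoles is a semicolon-separated list of role names.
            current["imports"] = [r.strip() for r in value.split(";") if r.strip()]
        elif value.lower() == "enabled":
            # Assumption: only the value "enabled" grants a capability.
            current["caps"].add(key)
        else:
            # A later non-enabled value for the same key wins over an earlier one.
            current["caps"].discard(key)
    return roles


def granting_roles(roles, role, capability, _seen=None):
    """Roles in the import chain of `role` (itself included) that enable `capability`."""
    seen = set() if _seen is None else _seen
    if role in seen or role not in roles:
        return set()  # already visited (import cycle) or undefined role
    seen.add(role)
    found = {role} if capability in roles[role]["caps"] else set()
    for parent in roles[role]["imports"]:
        found |= granting_roles(roles, parent, capability, seen)
    return found


def audit(conf_text, capability="edit_cmd"):
    """Return {role: [stanzas that grant the capability]} for every exposed role."""
    roles = parse_roles(conf_text)
    report = {}
    for role in sorted(roles):
        sources = granting_roles(roles, role, capability)
        if sources:
            report[role] = sorted(sources)
    return report


if __name__ == "__main__":
    for role, sources in audit(SAMPLE_AUTHORIZE_CONF).items():
        how = "direct" if role in sources else "inherited"
        print(f"{role}: edit_cmd ({how}), granted in role_{', role_'.join(sources)}")
```

Removing edit_cmd has to happen in the granting stanza; a role that only inherits the capability keeps it until the imported role is changed or the import is dropped.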

Product Status

Product | Base Version | Component | Affected Version | Fix Version
Splunk Enterprise | 10.2 | REST API | Not affected | 10.2.0
Splunk Enterprise | 10.0 | REST API | 10.0.0 to 10.0.3 | 10.0.4
Splunk Enterprise | 9.4 | REST API | 9.4.0 to 9.4.8 | 9.4.9
Splunk Enterprise | 9.3 | REST API | 9.3.0 to 9.3.9 | 9.3.10
Splunk Cloud Platform | 10.2.2510 | REST API | Below 10.2.2510.5 | 10.2.2510.5
Splunk Cloud Platform | 10.0.2503 | REST API | Below 10.0.2503.12 | 10.0.2503.12
Splunk Cloud Platform | 10.1.2507 | REST API | Below 10.1.2507.16 | 10.1.2507.16
Splunk Cloud Platform | 9.3.2411 | REST API | Below 9.3.2411.24 | 9.3.2411.124

Mitigations and Workarounds

If it isn’t currently possible to upgrade to a fixed version of Splunk Enterprise, remove the high-privilege capability edit_cmd from the role to remedy the problem. See Define roles on the Splunk platform with capabilities.

Detections

None

Severity

Splunk rates this vulnerability an 8.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Acknowledgments

Danylo Dmytriiev (DDV_UA)
Gabriel Nitu, Splunk
James Ervin, Splunk
_____________________________________________________________________

Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise

Advisory ID: SVD-2026-0301
CVE ID: CVE-2026-20162
Published: 2026-03-11
Last Update: 2026-03-11
CVSSv3.1 Score: 6.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
CWE: CWE-79
Bug ID: VULN-50292

Description

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the “admin” or “power” Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the /manager/launcher/data/ui/views/_new endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Solution

Upgrade Splunk Enterprise to versions 10.2.0, 10.0.3, 9.4.9, 9.3.9, or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Product Status

Product | Base Version | Component | Affected Version | Fix Version
Splunk Enterprise | 10.2 | REST API | Not affected | 10.2.0
Splunk Enterprise | 10.0 | REST API | 10.0.0 to 10.0.2 | 10.0.3
Splunk Enterprise | 9.4 | REST API | 9.4.0 to 9.4.8 | 9.4.9
Splunk Enterprise | 9.3 | REST API | 9.3.0 to 9.3.8 | 9.3.9
Splunk Cloud Platform | 10.2.2510 | REST API | Below 10.2.2510.4 | 10.2.2510.4
Splunk Cloud Platform | 10.1.2507 | REST API | Below 10.1.2507.15 | 10.1.2507.15
Splunk Cloud Platform | 10.0.2503 | REST API | Below 10.0.2503.11 | 10.0.2503.11
Splunk Cloud Platform | 9.3.2411 | REST API | Below 9.3.2411.123 | 9.3.2411.123

Mitigations and Workarounds

The vulnerability affects instances with Splunk Web turned on; turning Splunk Web off is a possible workaround. See Disable unnecessary Splunk Enterprise components and the web.conf configuration specification file for more information on turning off Splunk Web.

Detections

None

Severity

Splunk rates this vulnerability a 6.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.

Acknowledgments

Danylo Dmytriiev (DDV_UA)
_____________________________________________________________________

Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise

Advisory ID: SVD-2026-0303
CVE ID: CVE-2026-20164
Published: 2026-03-11
Last Update: 2026-03-11
CVSSv3.1 Score: 6.5, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-200
Bug ID: VULN-43996

Description

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the “admin” or “power” Splunk roles could access the /splunkd/__raw/servicesNS/-/-/configs/conf-passwords REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.

Solution

Upgrade Splunk Enterprise to versions 10.2.0, 10.0.3, 9.4.9, 9.3.10 or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Product Status

Product | Base Version | Component | Affected Version | Fix Version
Splunk Enterprise | 10.2 | REST API | Not affected | 10.2.0
Splunk Enterprise | 10.0 | REST API | 10.0.0 to 10.0.2 | 10.0.3
Splunk Enterprise | 9.4 | REST API | 9.4.0 to 9.4.8 | 9.4.9
Splunk Enterprise | 9.3 | REST API | 9.3.0 to 9.3.9 | 9.3.10
Splunk Cloud Platform | 10.2.2510 | REST API | Below 10.2.2510.5 | 10.2.2510.5
Splunk Cloud Platform | 10.1.2507 | REST API | Below 10.1.2507.16 | 10.1.2507.16
Splunk Cloud Platform | 10.0.2503 | REST API | Below 10.0.2503.11 | 10.0.2503.11
Splunk Cloud Platform | 9.3.2411 | REST API | Below 9.3.2411.123 | 9.3.2411.123

Mitigations and Workarounds

None

Detections

None

Severity

Splunk rates this vulnerability a 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Acknowledgments

Alex Hordijk (hordalex)
_____________________________________________________________________

Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise

Advisory ID: SVD-2026-0304
CVE ID: CVE-2026-20165
Published: 2026-03-11
Last Update: 2026-03-11
CVSSv3.1 Score: 6.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-532
Bug ID: VULN-57362

Description

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the “admin” or “power” Splunk roles could retrieve sensitive information by inspecting the job’s search log due to improper access control in the MongoClient logging channel.

Solution

Upgrade Splunk Enterprise to versions 10.2.1, 10.0.4, 9.4.9, 9.3.10, or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Product Status

Product | Base Version | Component | Affected Version | Fix Version
Splunk Enterprise | 10.2 | Splunk Web | 10.2.0 | 10.2.1
Splunk Enterprise | 10.0 | Splunk Web | 10.0.0 to 10.0.3 | 10.0.4
Splunk Enterprise | 9.4 | Splunk Web | 9.4.0 to 9.4.8 | 9.4.9
Splunk Enterprise | 9.3 | Splunk Web | 9.3.0 to 9.3.9 | 9.3.10
Splunk Cloud Platform | 10.2.2510 | Splunk Web | Below 10.2.2510.7 | 10.2.2510.7
Splunk Cloud Platform | 10.1.2507 | Splunk Web | Below 10.1.2507.17 | 10.1.2507.17
Splunk Cloud Platform | 10.0.2503 | Splunk Web | Below 10.0.2503.12 | 10.0.2503.12
Splunk Cloud Platform | 9.3.2411 | Splunk Web | Below 9.3.2411.124 | 9.3.2411.124

Mitigations and Workarounds

The vulnerability affects instances with Splunk Web turned on; turning Splunk Web off is a possible workaround. See Disable unnecessary Splunk Enterprise components and the web.conf configuration specification file for more information on turning off Splunk Web.

Detections

None

Severity

Splunk rates this vulnerability a 6.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Acknowledgments

John Copeland
_____________________________________________________________________

Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

Advisory ID: SVD-2026-0305
CVE ID: CVE-2026-20166
Published: 2026-03-11
Last Update: 2026-03-11
CVSSv3.1 Score: 5.4, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-200
Bug ID: VULN-53328

Description

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the “admin” or “power” Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.

This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.

For more information see Create and manage organization access tokens using Splunk Observability Cloud.

Solution

Upgrade Splunk Enterprise to versions 10.2.1, 10.0.4, or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

To eliminate further risk and help ensure a high level of security in your environment, you must perform the following recommended actions after you upgrade Splunk Enterprise:

Rotate the Observability API token (Create and manage organization access tokens using Splunk Observability Cloud).

Product Status

Product | Base Version | Component | Affected Version | Fix Version
Splunk Enterprise | 10.2 | splunkd | 10.2.0 | 10.2.1
Splunk Enterprise | 10.0 | splunkd | 10.0.0 to 10.0.3 | 10.0.4
Splunk Enterprise | 9.4 | splunkd | Not affected | 9.4.9
Splunk Enterprise | 9.3 | splunkd | Not affected | 9.3.10
Splunk Cloud Platform | 10.2.2510 | splunkd | Below 10.2.2510.5 | 10.2.2510.5
Splunk Cloud Platform | 10.1.2507 | splunkd | Below 10.1.2507.16 | 10.1.2507.16
Splunk Cloud Platform | 10.0.2503 | splunkd | Below 10.0.2503.12 | 10.0.2503.12

Mitigations and Workarounds

Disable the Discover Splunk Observability Cloud app. See Manage app and add-on objects.

Detections

None

Severity

Splunk rates this vulnerability a 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

If you remove or disable the Discover Splunk Observability Cloud app, there should be no impact and the severity would be informational.

Acknowledgments

Will Zgoda, Splunk

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================