Tracked as CVE-2026-20140 and published on February 18, 2026, under advisory SVD-2026-0205, the flaw carries a CVSSv3.1 score of 7.7 (High) and is classified under CWE-427 (Uncontrolled Search Path Element).
The vulnerability exists in Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, 9.3.9, and 9.2.12. An attacker who holds low-privileged access to a Windows system running Splunk Enterprise can exploit this flaw by creating a directory on the system drive where Splunk is installed and placing a malicious DLL inside it.
When the Splunk Enterprise service restarts, the application may inadvertently load that rogue DLL due to its insecure library search order. Since the service runs with SYSTEM-level privileges, the injected code inherits those elevated rights, effectively granting the attacker full control over the host machine.
The CVSS vector reveals several important characteristics of this attack. The local access requirement (AV:L) limits remote exploitation, and the high attack complexity (AC:H) and need for user interaction (UI:R) raise the bar further, but enterprise environments remain at meaningful risk, particularly in shared or multi-user Windows deployments.
The scope change (S:C) with High ratings across Confidentiality, Integrity, and Availability underscores the severe impact once a successful compromise occurs. It is also worth noting that this vulnerability has no impact on non-Windows Splunk deployments, where the severity is rated as Informational.
| Product | Affected Versions | Fixed Version |
|---|---|---|
| Splunk Enterprise 10.0 | 10.0.0 to 10.0.2 | 10.0.3 |
| Splunk Enterprise 9.4 | 9.4.0 to 9.4.7 | 9.4.8 |
| Splunk Enterprise 9.3 | 9.3.0 to 9.3.8 | 9.3.9 |
| Splunk Enterprise 9.2 | 9.2.0 to 9.2.11 | 9.2.12 |
| Splunk Enterprise 10.2 | Not Affected | 10.2.0 |
Splunk has addressed the flaw in versions 10.2.0, 10.0.3, 9.4.8, 9.3.9, and 9.2.12. Organizations running Splunk Enterprise on Windows are strongly urged to apply the appropriate patch immediately.
Where immediate patching is not feasible, administrators should restrict write permissions on directories within the system drive to prevent unauthorized DLL placement.
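One way to check that mitigation on a host is the PowerShell audit below, which is an added example and not part of the Splunk advisory. It assumes English principal names and a trusted-owner list of SYSTEM, Administrators, and TrustedInstaller; adjust both for your environment.

```powershell
# Added example: audit who can create entries at the root of the system drive,
# and list top-level directories whose owner is not a trusted principal.
# Assumption: English account names; extend $trusted with your own admin groups.
$root    = "$env:SystemDrive\"
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# ACEs flagged InheritOnly apply to children only, not to the root itself.
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# CreateFiles (0x2), CreateDirectories (0x4), GENERIC_WRITE, GENERIC_ALL.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

Write-Host "Non-trusted principals able to create entries directly under $root"
(Get-Acl -LiteralPath $root).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.PropagationFlags -band $inheritOnly) -eq 0 -and
        ([int]$_.FileSystemRights -band $writeBits) -ne 0 -and
        $trusted -notcontains $_.IdentityReference.Value
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize

Write-Host "Top-level directories under $root not owned by a trusted principal"
Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        if ($acl -and $trusted -notcontains $acl.Owner) {
            [pscustomobject]@{
                Path    = $_.FullName
                Owner   = $acl.Owner
                Created = $_.CreationTime
            }
        }
    } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```

Any principal listed by the first query can create a directory on the system drive, which is the precondition the advisory describes; directories surfaced by the second query were created by non-administrative accounts and are worth reviewing for unexpected DLLs.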
No active detections or exploits in the wild have been reported at this time. The vulnerability was responsibly disclosed by security researcher Marius Gabriel Mihai.
The post Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access appeared first on Cyber Security News.