{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-20139","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2025-10-08T11:59:15.382Z","datePublished":"2026-02-18T16:45:32.308Z","dateUpdated":"2026-02-19T19:28:04.863Z"},"containers":{"cna":{"affected":[{"product":"Splunk Enterprise","vendor":"Splunk","versions":[{"version":"10.0","status":"affected","versionType":"custom","lessThan":"10.0.2"},{"version":"9.4","status":"affected","versionType":"custom","lessThan":"9.4.8"},{"version":"9.3","status":"affected","versionType":"custom","lessThan":"9.3.9"},{"version":"9.2","status":"affected","versionType":"custom","lessThan":"9.2.12"}]},{"product":"Splunk Cloud Platform","vendor":"Splunk","versions":[{"version":"10.2.2510","status":"affected","versionType":"custom","lessThan":"10.2.2510.3"},{"version":"10.1.2507","status":"affected","versionType":"custom","lessThan":"10.1.2507.8"},{"version":"10.0.2503","status":"affected","versionType":"custom","lessThan":"10.0.2503.9"},{"version":"9.3.2411","status":"affected","versionType":"custom","lessThan":"9.3.2411.121"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). 
The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive."}],"value":"In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive."}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0204"}],"title":"Client-Side Denial of Service (DoS) through '/splunkd/__raw/services/authentication/users/username' REST API endpoint in Splunk Enterprise","datePublic":"2026-02-18T00:00:00.000Z","metrics":[{"cvssV3_1":{"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","version":"3.1","baseScore":4.3,"baseSeverity":"MEDIUM"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"cwe","description":"The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.","cweId":"CWE-400"}]}],"source":{"advisory":"SVD-2026-0204"},"credits":[{"lang":"en","value":"STÖK / Fredrik Alexandersson"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2026-02-18T16:45:32.308Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-400","lang":"en","description":"CWE-400 Uncontrolled Resource 
Consumption"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-19T19:10:51.635917Z","id":"CVE-2026-20139","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-19T19:28:04.863Z"}}]}}