Splunk Enterprise for Windows Vulnerability

Splunk has disclosed a high-severity flaw in Splunk Enterprise for Windows that enables a local user with limited privileges to escalate to SYSTEM level via a DLL search-order hijacking attack. Tracked as CVE-2026-20140 and published on February 18, 2026, under advisory SVD-2026-0205, the vulnerability is categorized under CWE-427 (Uncontrolled Search Path Element) and has a CVSSv3.1 score of 7.7 (High).

Splunk Enterprise for Windows versions lower than 10.2.0, 10.0.3, 9.4.8, 9.3.9, and 9.2.12 are vulnerable. An attacker with low-privileged access to a Windows system running Splunk Enterprise can take advantage of this vulnerability by creating a directory on the system drive where Splunk is installed and placing a malicious DLL inside it.

Because of its insecure library search order, the application might unintentionally load that rogue DLL when the Splunk Enterprise service restarts. Because the service operates with SYSTEM-level privileges, the injected code inherits those elevated rights, giving the attacker complete control over the host computer.

The CVSS vector reveals several significant aspects of this attack. The local access requirement (AV:L), the high attack complexity (AC:H), and the requirement for user interaction (UI:R) limit exploitability, but enterprise environments are still seriously at risk, especially in shared or multi-user Windows deployments. The scope change (S:C), together with high ratings for confidentiality, integrity, and availability, highlights the serious consequences that follow a successful compromise.

It is also important to note that this vulnerability does not affect Splunk deployments that are not Windows-based; for those, the severity rating is Informational.

Affected and Fixed Versions

Product                  Affected Versions    Fixed Version
Splunk Enterprise 10.0   10.0.0 to 10.0.2     10.0.3
Splunk Enterprise 9.4    9.4.0 to 9.4.7       9.4.8
Splunk Enterprise 9.3    9.3.0 to 9.3.8       9.3.9
Splunk Enterprise 9.2    9.2.0 to 9.2.11      9.2.12
Splunk Enterprise 10.2   Not Affected         10.2.0

Versions 10.2.0, 10.0.3, 9.4.8, 9.3.9, and 9.2.12 all have the bug fixed.

It is highly recommended that organizations using Splunk Enterprise on Windows install the relevant patch right away. Administrators should limit write permissions on system drive directories to prevent unauthorized DLL placement in cases where immediate patching is not practical.
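
One way to check the write-permission mitigation described above, as an added example that is not from Splunk's advisory or the original article: list the principals outside a trusted set that can create directories or files at the root of the drive hosting Splunk. The `$SplunkHome` default and the trusted-SID list are assumptions to adjust for your environment.

```powershell
# Added example: audit who can create directories/files at the root of the
# drive that hosts Splunk Enterprise. $SplunkHome is an assumed default path.
param(
    [string]$SplunkHome = 'C:\Program Files\Splunk'
)

$root = [System.IO.Path]::GetPathRoot($SplunkHome)

# Rights that allow planting a new directory or file, plus the generic
# write/all bits that Windows may store un-mapped in an ACE.
$fsr   = [System.Security.AccessControl.FileSystemRights]
$risky = [int]$fsr::CreateDirectories -bor [int]$fsr::CreateFiles -bor
         0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

# Principals expected to hold write access (assumption: adjust as needed).
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$rules = (Get-Acl -LiteralPath $root).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    # Inherit-only ACEs apply to children, not to the root directory itself.
    if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
    if (([int]$ace.FileSystemRights -band $risky) -eq 0) { continue }
    $sid = $ace.IdentityReference.Value
    if ($trusted -contains $sid) { continue }

    # Resolve the SID to a readable name when possible.
    try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved)' }

    [pscustomobject]@{ Path = $root; Account = $name; Sid = $sid; Rights = $ace.FileSystemRights }
}

if ($findings) {
    Write-Warning "Principals outside the trusted list can create items in $root"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write access outside the trusted list found on $root"
}
```

Each row reported is an ACE that lets that account create items directly under the drive root; decide whether it is needed before removing it, since other software may rely on it.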

As of right now, there have been no reports of active detections or exploits in the wild. Marius Gabriel Mihai, a security researcher, responsibly disclosed the vulnerability.
