CyberRota
← Ana sayfaya dön

CVE-2026-20258

HIGH · CVSS 7.1 EPSS %0.17 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-10T18:16:41.377 · Çekilme zamanı: 2026-06-30T12:16:30.206226+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-20258
Severity
HIGH
CVSS
7.1
EPSS
%0.17
Java

Orijinal NVD Açıklaması

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.