CVE-2026-20251 Overview
CVE-2026-20251 is a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app. The flaw arises from unsafe deserialization [CWE-502] of App Key Value Store (KV Store) data using the jsonpickle Python library. A low-privileged authenticated user without the admin or power Splunk roles can execute arbitrary code on the underlying system. The jsonpickle library reconstructs arbitrary Python objects from attacker-controlled JSON without adequate validation, enabling object injection.
Critical Impact
Authenticated low-privileged users can achieve Remote Code Execution on Splunk instances, leading to full compromise of confidentiality, integrity, and availability.
Affected Products
- Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13
- Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132
- Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67
Discovery Timeline
- 2026-06-10 - CVE-2026-20251 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-20251
Vulnerability Analysis
The vulnerability resides in the Splunk Secure Gateway app, which processes data stored in the App Key Value Store (KV Store). The application uses the jsonpickle Python library to deserialize JSON payloads back into Python objects. jsonpickle is designed to reconstruct arbitrary Python objects from JSON, including object types, attributes, and references. When the library deserializes attacker-controlled JSON, it can be coerced into instantiating arbitrary classes and invoking methods on them.
An authenticated user without admin or power privileges can write crafted JSON payloads into the KV Store. When the Secure Gateway app subsequently reads and deserializes that data, the jsonpickle library reconstructs the malicious object graph, triggering code execution within the Splunk process context.
Root Cause
The root cause is improper input validation during deserialization. The jsonpickle library treats class names and constructor arguments inside JSON as trusted data. No allowlist of permitted types is enforced, and no integrity validation is applied to KV Store entries before deserialization. This permits object injection by any user with write access to the relevant KV Store collection.
Attack Vector
The attack is performed over the network against an authenticated Splunk session. The attacker requires only a low-privileged account. The attacker stores a crafted JSON payload referencing Python classes whose constructors or __reduce__ methods execute system commands. When the Splunk Secure Gateway app deserializes the entry, the payload executes with the privileges of the Splunk service account. No user interaction is required.
No public proof-of-concept code has been released. Refer to the Splunk Security Advisory SVD-2026-0601 for vendor technical details.
Detection Methods for CVE-2026-20251
Indicators of Compromise
- Unexpected child processes spawned by Splunk daemons such as splunkd or Python interpreters launched by the Secure Gateway app
- Anomalous writes to KV Store collections owned by the splunk_secure_gateway app from non-administrative accounts
- Outbound network connections initiated by the Splunk process to attacker-controlled hosts
- New files written under Splunk installation directories outside of normal update operations
Detection Strategies
- Monitor Splunk internal audit logs (index=_audit) for KV Store modifications by low-privileged users targeting Secure Gateway collections
- Inspect REST API calls to /servicesNS/.../storage/collections/data/ for payloads containing jsonpickle markers such as py/object, py/reduce, or py/newobj
- Alert on process lineage where splunkd or its Python subprocesses execute shell utilities such as /bin/sh, bash, cmd.exe, or powershell.exe
Monitoring Recommendations
- Enable verbose REST endpoint logging for the Splunk Secure Gateway app and forward to a centralized analytics platform
- Establish a baseline of normal KV Store write patterns and alert on deviations
- Audit Splunk role assignments to identify users with KV Store write capabilities outside of admin and power roles
How to Mitigate CVE-2026-20251
Immediate Actions Required
- Upgrade Splunk Enterprise to 10.2.4, 10.0.7, 9.4.12, 9.3.13, or later fixed releases
- Upgrade the Splunk Secure Gateway app to 3.10.6, 3.9.20, or 3.8.67
- Splunk Cloud Platform customers should confirm the platform has been upgraded to a fixed build by Splunk
- Review and restrict user role capabilities so only trusted accounts can write to KV Store collections
Patch Information
Splunk has released fixed versions for Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app. See the Splunk Security Advisory SVD-2026-0601 for the complete list of fixed builds and upgrade guidance.
Workarounds
- Disable or uninstall the Splunk Secure Gateway app if it is not required in the environment
- Restrict access to KV Store REST endpoints through network segmentation or reverse proxy rules
- Apply the principle of least privilege to Splunk roles, removing KV Store write permissions from non-essential users
# Disable the Splunk Secure Gateway app as a temporary mitigation
$SPLUNK_HOME/bin/splunk disable app splunk_secure_gateway -auth <admin>:<password>
$SPLUNK_HOME/bin/splunk restart
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

