Critical RCE Vulnerability (CVE-2026-20251) Found in Splunk Products via Unsafe Deserialization
Summary
A critical security vulnerability (CVE-2026-20251) has been disclosed affecting multiple versions of Splunk Enterprise, Splunk Cloud Platform, and Splunk Secure Gateway. The vulnerability allows low-privileged users (without 'admin' or 'power' roles) to perform Remote Code Execution (RCE) through unsafe deserialization of App Key Value Store (KV Store) data via the 'jsonpickle' Python library, which reconstructs arbitrary Python objects from specially crafted JSON without adequate validation. Affected versions include Splunk Enterprise below 10.2.4, 10.0.7, 9.4.12, and 9.3.13; Splunk Cloud Platform below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132; and Splunk Secure Gateway below 3.10.6, 3.9.20, and 3.8.67.
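The root cause described above is a deserializer that turns attacker-supplied JSON into live Python objects. The defensive pattern is to never hand stored records to jsonpickle at all: parse them with the standard `json` module (which only yields dicts, lists and scalars), refuse any document that carries jsonpickle's `py/` control keys, and validate the result against an explicit schema. The following is an added example written for this article, not Splunk's code or the vendor's fix; the `DeviceRecord` shape, the `SCHEMA` mapping and the two sample records are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass
from typing import Any

# jsonpickle encodes object-reconstruction instructions as dict keys with this
# prefix (e.g. "py/object", "py/reduce", "py/function"); a plain-data record
# stored in a key-value store has no reason to contain them.
JSONPICKLE_TAG_PREFIX = "py/"


def find_pickle_tags(node: Any, path: str = "$") -> list[tuple[str, str]]:
    """Walk a decoded JSON document and return (json_path, key) for every
    jsonpickle control key found at any depth, so a record can be rejected
    (and logged) before anything tries to reconstruct objects from it."""
    hits: list[tuple[str, str]] = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(key, str) and key.startswith(JSONPICKLE_TAG_PREFIX):
                hits.append((child, key))
            hits.extend(find_pickle_tags(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_pickle_tags(value, f"{path}[{i}]"))
    return hits


@dataclass(frozen=True)
class DeviceRecord:
    """Hypothetical record shape assumed for this example (not Splunk's schema)."""
    device_id: str
    display_name: str
    registered: bool


# Explicit allow-list schema: field name -> required JSON type. Anything else is rejected.
SCHEMA = {"device_id": str, "display_name": str, "registered": bool}


def load_record(raw: str) -> DeviceRecord:
    """Parse one stored record with the stdlib json module and a strict schema,
    so no object is ever reconstructed from attacker-controlled JSON."""
    doc = json.loads(raw)  # yields only dicts, lists and scalars; never objects
    if not isinstance(doc, dict):
        raise ValueError("record must be a JSON object")
    tags = find_pickle_tags(doc)
    if tags:
        raise ValueError(f"rejected: jsonpickle control keys at {[p for p, _ in tags]}")
    unknown = set(doc) - set(SCHEMA)
    if unknown:
        raise ValueError(f"rejected: unexpected fields {sorted(unknown)}")
    for field, expected in SCHEMA.items():
        # Exact type check: bool is a subclass of int, so isinstance() would be too loose.
        if type(doc.get(field)) is not expected:
            raise ValueError(f"rejected: field {field!r} must be {expected.__name__}")
    return DeviceRecord(**doc)


# Constructed sample records (not captured from any real deployment).
SAFE_RECORD = '{"device_id": "dev-0001", "display_name": "Ops phone", "registered": true}'
TAGGED_RECORD = ('{"device_id": "dev-0002", "registered": true, '
                 '"display_name": {"py/object": "example.Placeholder"}}')

if __name__ == "__main__":
    print(load_record(SAFE_RECORD))
    print(find_pickle_tags(json.loads(TAGGED_RECORD)))
    try:
        load_record(TAGGED_RECORD)
    except ValueError as exc:
        print(exc)
```

The same `find_pickle_tags` walk can be run as a detection sweep over existing store contents: any record that already carries `py/` keys is worth investigating, since legitimate application data written as plain JSON never contains them.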
Key quotes
· a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app
· The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the 'jsonpickle' Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation