Splunk Enterprise ↗

Splunk · SIEM / observability

Track your version:Monitors Splunk Enterprise and tailors your dashboard to that exact version.

all versions0/100 Critical · exploited

Summary iPlain-English security verdict for Splunk Enterprise, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Splunk Enterprise currently scores 0/100 — critical, with active exploitation. 1 of its known vulnerability is being actively exploited in the wild (CISA KEV), including CVE-2014-0160. Upgrade immediately and review your exposure to the actively-exploited CVEs below.

Disclosure trend iNew CVEs published for Splunk Enterprise each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2014-0160 HIGH exploited Out-of-bounds read EPSS 100% → fixed in 6.0.3 CVE-2018-11409 MEDIUM Information disclosure EPSS 96% → see advisory CVE-2023-46214 HIGH CWE-91 EPSS 89% → fixed in 9.1.2 CVE-2023-32707 HIGH CWE-285 EPSS 74% → fixed in 9.0.2303.100 CVE-2023-32714 HIGH CWE-35 EPSS 43% → fixed in 9.0.5 CVE-2022-43568 HIGH Cross-site scripting (XSS) EPSS 43% → fixed in 9.0.2205 CVE-2016-10126 CRITICAL CWE-264 EPSS 4% → see advisory CVE-2017-17067 CRITICAL Incorrect authorization EPSS 3% → fixed in 7.0.0.1 CVE-2026-20253 CRITICAL Missing authentication EPSS 2% → fixed in 10.2.4 CVE-2022-32158 CRITICAL Improper access control EPSS 1% → fixed in 9.0

See all 201 known Splunk Enterprise CVEs & security history →

Get alerted about Splunk Enterprise

Be emailed the moment Splunk Enterprise gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Splunk Enterprise — no marketing, no sharing, and we never know what you run. Track your whole stack →

Frequently asked

Is Splunk Enterprise safe and patched?

What should I do about Splunk Enterprise now?

Review the patch-priority list, apply the available fixes (or move to the latest release), and confirm against Splunk's official advisory. Some issues are under active exploitation, so treat this as urgent.

lifecycle unknown — needs latest supported version

Latest security news for Splunk Enterprise BETA

Attributed third-party reporting linked to Splunk Enterprise — newest first. We surface and link the source; we don’t assert our own findings. About Emerging →

Reported Critical Splunk Enterprise Flaw Lets Attackers Run Code Without AuthenticationThe Hacker News · 13 Jun 2026 · CVE-2026-20253 · high confidence Reported SVD-2026-0610: Third-Party Package Updates in Splunk Enterprise - June 2026Splunk · 10 Jun 2026 · medium confidence Reported SVD-2026-0609: Improper Access Control in Splunk EnterpriseSplunk · 10 Jun 2026 · medium confidence Reported SVD-2026-0608: Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk EnterpriseSplunk · 10 Jun 2026 · medium confidence Reported SVD-2026-0607: Improper Input Validation through Classic Dashboard CSS in Splunk EnterpriseSplunk · 10 Jun 2026 · medium confidence

More across all tracked software on the Emerging feed →

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Splunk's official advisory before you patch or upgrade — Splunk Enterprise official site ↗