Splunk Enterprise vulnerabilities: known CVEs & security history
Splunk · SIEM / observability · 201 tracked CVEs · 1 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Splunk Enterprise release lines — 201 in total, with 1 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Splunk Enterprise's current status and the safe version to run.
Known Splunk Enterprise CVEs
Actively-exploited and most-severe first. Showing the top 80 of 201. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2014-0160⚡ exploited | high | 7.5 | 100% | 2014 |
| CVE-2026-20253 | critical | 9.8 | 2% | 2026 |
| CVE-2017-17067 | critical | 9.8 | 3% | 2017 |
| CVE-2016-10126 | critical | 9.8 | 4% | 2017 |
| CVE-2022-32158 | critical | 9 | 1% | 2022 |
| CVE-2013-6771 | high | 9.3 | 5% | 2014 |
| CVE-2011-4644 | high | 9.3 | 8% | 2012 |
| CVE-2013-7394 | high | 9 | 2% | 2014 |
| CVE-2026-20251 | high | 8.8 | 1% | 2026 |
| CVE-2024-45733 | high | 8.8 | 1% | 2024 |
| CVE-2024-36985 | high | 8.8 | 7% | 2024 |
| CVE-2024-36984 | high | 8.8 | 1% | 2024 |
| CVE-2023-40595 | high | 8.8 | 1% | 2023 |
| CVE-2023-32707 | high | 8.8 | 74% | 2023 |
| CVE-2022-43570 | high | 8.8 | 1% | 2022 |
| CVE-2022-43568 | high | 8.8 | 43% | 2022 |
| CVE-2022-43567 | high | 8.8 | 1% | 2022 |
| CVE-2022-43571 | high | 8.8 | 14% | 2022 |
| CVE-2022-27183 | high | 8.8 | 1% | 2022 |
| CVE-2022-26889 | high | 8.8 | 1% | 2022 |
| CVE-2021-42743 | high | 8.8 | 0% | 2022 |
| CVE-2010-3322 | high | 8.8 | 1% | 2010 |
| CVE-2023-22932 | high | 8.7 | 0% | 2023 |
| CVE-2023-32712 | high | 8.6 | 0% | 2023 |
| CVE-2023-40598 | high | 8.5 | 1% | 2023 |
| CVE-2023-40592 | high | 8.4 | 1% | 2023 |
| CVE-2024-36997 | high | 8.1 | 1% | 2024 |
| CVE-2024-29946 | high | 8.1 | 1% | 2024 |
| CVE-2023-32714 | high | 8.1 | 43% | 2023 |
| CVE-2023-22939 | high | 8.1 | 1% | 2023 |
| CVE-2023-22935 | high | 8.1 | 1% | 2023 |
| CVE-2022-43565 | high | 8.1 | 1% | 2022 |
| CVE-2022-43563 | high | 8.1 | 1% | 2022 |
| CVE-2022-32156 | high | 8.1 | 1% | 2022 |
| CVE-2022-32153 | high | 8.1 | 1% | 2022 |
| CVE-2022-32152 | high | 8.1 | 1% | 2022 |
| CVE-2021-26253 | high | 8.1 | 1% | 2022 |
| CVE-2025-20387 | high | 8 | 0% | 2025 |
| CVE-2025-20386 | high | 8 | 0% | 2025 |
| CVE-2025-20229 | high | 8 | 12% | 2025 |
| CVE-2024-45731 | high | 8 | 1% | 2024 |
| CVE-2024-36983 | high | 8 | 1% | 2024 |
| CVE-2023-46214 | high | 8 | 89% | 2023 |
| CVE-2023-22933 | high | 8 | 1% | 2023 |
| CVE-2022-43569 | high | 8 | 1% | 2022 |
| CVE-2023-40597 | high | 7.8 | 0% | 2023 |
| CVE-2013-6773 | high | 7.8 | 0% | 2020 |
| CVE-2023-32706 | high | 7.7 | 1% | 2023 |
| CVE-2026-20252 | high | 7.6 | 0% | 2026 |
| CVE-2026-20239 | high | 7.5 | 0% | 2026 |
| CVE-2025-20371 | high | 7.5 | 0% | 2025 |
| CVE-2024-36991 | high | 7.5 | 13% | 2024 |
| CVE-2024-36982 | high | 7.5 | 0% | 2024 |
| CVE-2024-23678 | high | 7.5 | 0% | 2024 |
| CVE-2022-43572 | high | 7.5 | 1% | 2022 |
| CVE-2022-32157 | high | 7.5 | 1% | 2022 |
| CVE-2022-32155 | high | 7.5 | 2% | 2022 |
| CVE-2021-31559 | high | 7.5 | 1% | 2022 |
| CVE-2021-3422 | high | 7.5 | 1% | 2022 |
| CVE-2018-7432 | high | 7.5 | 2% | 2018 |
| CVE-2018-7429 | high | 7.5 | 2% | 2018 |
| CVE-2010-2502 | high | 7.5 | 3% | 2010 |
| CVE-2022-37437 | high | 7.4 | 0% | 2022 |
| CVE-2022-32151 | high | 7.4 | 1% | 2022 |
| CVE-2023-22934 | high | 7.3 | 1% | 2023 |
| CVE-2022-43566 | high | 7.3 | 1% | 2022 |
| CVE-2026-20163 | high | 7.2 | 0% | 2026 |
| CVE-2024-29945 | high | 7.2 | 1% | 2024 |
| CVE-2023-32708 | high | 7.2 | 1% | 2023 |
| CVE-2026-20258 | high | 7.1 | 0% | 2026 |
| CVE-2026-20204 | high | 7.1 | 3% | 2026 |
| CVE-2025-20231 | high | 7.1 | 0% | 2025 |
| CVE-2024-45732 | high | 7.1 | 0% | 2024 |
| CVE-2024-36989 | high | 7.1 | 0% | 2024 |
| CVE-2023-40596 | high | 7 | 0% | 2023 |
| CVE-2017-18348 | high | 7 | 0% | 2018 |
| CVE-2026-20144 | medium | 6.8 | 0% | 2026 |
| CVE-2026-20142 | medium | 6.8 | 0% | 2026 |
| CVE-2026-20138 | medium | 6.8 | 0% | 2026 |
| CVE-2025-20319 | medium | 6.8 | 0% | 2025 |
121 older / lower-severity CVEs not shown — see Splunk Enterprise's full record.
Is my Splunk Enterprise version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Splunk Enterprise version → · Monitor Splunk Enterprise for new CVEs →
Splunk Enterprise vulnerabilities — frequently asked
How many known vulnerabilities does Splunk Enterprise have?
IsItPatched tracks 201 CVEs for Splunk Enterprise, 1 of which is actively exploited (CISA KEV). 4 are critical-severity and 72 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Splunk Enterprise have any actively-exploited vulnerabilities?
Yes — 1 Splunk Enterprise CVE is in CISA's Known Exploited Vulnerabilities catalog, meaning it is confirmed exploited in the wild. Patch it as a priority.
What is the most severe Splunk Enterprise vulnerability?
Among tracked issues, CVE-2014-0160 (HIGH, CVSS 7.5), which is actively exploited, ranks highest — a Out-of-bounds read weakness.
Is Splunk Enterprise safe to use?
It depends on the version. The latest supported Splunk Enterprise release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Splunk Enterprise security status · Splunk Enterprise end-of-life · actively-exploited CVEs. Always verify against Splunk's advisories — see our disclaimer.