PatchDay Alert

CVE-2026-20239

CVSS 7.5


Daily digests

If a Splunk user has a role with access to the _internal index, they can view session cookies and response bodies containing sensitive data. This is an information disclosure bug that requires an authenticated user with specific index permissions, so it's not open to the internet. That said, stolen session cookies can lead to session hijacking and lateral movement inside Splunk.
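One way to check which roles meet that precondition, as an added example that is not part of the original digest or Splunk's own tooling: it reads a constructed `authorize.conf` sample and reports every role that can search `_internal`, directly or through an imported role. It assumes the `srchIndexesAllowed` and `importRoles` settings with semicolon-separated values, assumes `*` does not cover underscore-prefixed indexes while `_*` does, and ignores `srchIndexesDisallowed` and configuration-file precedence; the role and function names are hypothetical.

```python
import fnmatch

# Constructed sample authorize.conf content (not from a real deployment).
SAMPLE_CONF = """
[role_user]
srchIndexesAllowed = main
[role_soc_analyst]
srchIndexesAllowed = _audit;_internal
[role_soc_lead]
importRoles = soc_analyst
[role_platform_ops]
srchIndexesAllowed = *;_*
[role_helpdesk]
srchIndexesAllowed = *
"""

def parse_roles(text):
    """Return {role: {setting: [values]}} for every [role_*] stanza."""
    roles, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = roles.setdefault(name[5:], {}) if name.startswith("role_") else None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = [v.strip() for v in value.split(";") if v.strip()]
    return roles

def matches(pattern, index):
    # Assumed Splunk rule: "*" skips underscore-prefixed internal indexes, "_*" covers them.
    if index.startswith("_") and not pattern.startswith("_"):
        return False
    return fnmatch.fnmatchcase(index, pattern)

def granting_role(roles, role, index="_internal", seen=()):
    """Return the role (itself or an imported ancestor) that grants `index`, else None."""
    if role in seen or role not in roles:  # unknown role or import cycle
        return None
    if any(matches(p, index) for p in roles[role].get("srchIndexesAllowed", [])):
        return role
    parents = roles[role].get("importRoles", [])
    return next(filter(None, (granting_role(roles, p, index, (*seen, role)) for p in parents)), None)

def audit(text, index="_internal"):
    """Map each role that can search `index` to the role whose setting grants it."""
    roles = parse_roles(text)
    found = {r: granting_role(roles, r, index) for r in roles}
    return {r: src for r, src in found.items() if src}
```

Calling `audit(SAMPLE_CONF)` flags `soc_lead` through its import of `soc_analyst`, which a direct-grant check on each stanza would miss.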
