# CVE-2026-20137

> In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user could bypass safeguards through path traversal to view restricted information in the _internal index.

- **CVSS:** 5.7 (MEDIUM)
- **EPSS:** 0.0%
- **CWE:** CWE-200, CWE-22

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-20137
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp