What is GHSA-7mj7-jqh4-hc7f?

GHSA-7mj7-jqh4-hc7f is a security advisory published by GitHub Security Advisories with High severity. In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below...

Which CVE IDs does GHSA-7mj7-jqh4-hc7f cover?

GHSA-7mj7-jqh4-hc7f covers the following CVE IDs: CVE-2026-20239. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7mj7-jqh4-hc7f?

GHSA-7mj7-jqh4-hc7f has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-7mj7-jqh4-hc7fHighCVSS 7.5

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-20239 →

📋 Description

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-20239
https://advisory.splunk.com/advisories/SVD-2026-0503
https://github.com/advisories/GHSA-7mj7-jqh4-hc7f