CVE-2022-26889

The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.

Date published : 2022-05-06

https://research.splunk.com/application/path_traversal_spl_injection/

https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html