A newly disclosed high-severity vulnerability in Splunk Secure Gateway (SSG) allows low-privileged authenticated users to achieve remote code execution (RCE) on affected systems, significantly increasing the attack surface of enterprise Splunk deployments.
This vulnerability, tracked as CVE-2026-20251, has been assigned a CVSS score of 8.8. It arises from the unsafe deserialization of user-controlled data using the Python jsonpickle library.
Splunk Safe Gateway RCE Vulnerability
Research published by ReactiveZero Security shows that the vulnerability is linked to how SSG processes alert data stored in the KV Store, specifically in the "mobile_alerts" collection.
A low-privileged attacker can insert a specially crafted JSON document via the Splunk REST API. When SSG processes this data, it passes the malicious payload through a flawed validation routine to jsonpickle.decode(), ultimately allowing arbitrary code execution under the Splunk service account.
The root cause lies in two critical issues: a validator bypass and unsafe deserialization. The validation function, check_alert_data_valid_json(), is designed to block malicious structures but incorrectly short-circuits when it encounters a permitted key such as "py/object".
If this key appears first and matches the expected prefixes (e.g., spacebridgeapp), the function immediately returns true without inspecting any other field. This allows attackers to embed malicious payloads in sibling keys such as "notification", which remain unchecked.
Once validated, the data is passed to jsonpickle.decode(..., safe=True). Despite the safe flag, dangerous deserialization paths such as "py/reduce" remain exploitable: in jsonpickle, safe=True only disables the legacy eval()-based restoration of repr-serialized objects, not the py/reduce and py/function tags that resolve and call importable Python callables. Attackers can leverage this to invoke arbitrary Python functions, including system-level commands via the subprocess module.
A typical exploit chain involves writing a malicious document to the KV Store, triggering SSG to process the alert, bypassing validation, and executing the payload during deserialization. Notably, this attack requires only a valid low-privilege Splunk account and does not depend on any user interaction.
Below is a simplified proof-of-concept (PoC) demonstrating the vulnerability using a benign command:
    import jsonpickle
    import subprocess  # imported dynamically by jsonpickle when the py/function tag is restored

    # A permitted py/object appears first; the py/reduce payload sits under the
    # sibling "notification" key that the validator never inspects.
    payload = {
        "py/object": "spacebridgeapp.data.alert_data.Alert",
        "notification": {
            "py/reduce": [
                {"py/function": "subprocess.check_output"},   # callable to invoke
                {"py/tuple": [["uname", "-a"]]}               # positional arguments
            ]
        }
    }
    encoded = jsonpickle.encode(payload)
    # safe=True does not block py/reduce; the callable runs during decode.
    decoded = jsonpickle.decode(encoded, safe=True)
    print(decoded)
This PoC illustrates how jsonpickle executes subprocess.check_output(["uname", "-a"]) during deserialization, confirming that the safe=True flag does not prevent exploitation of the py/reduce pathway.
The vulnerability affects multiple versions of Splunk Secure Gateway, including 3.8.x, 3.9.x, and 3.10.x, as well as Splunk Enterprise versions before the patched releases (10.0.7, 10.2.4, and 10.4.0+). Splunk has addressed the issue in SSG versions 3.8.67, 3.9.20, and 3.10.6.
Security experts recommend immediate patching as the primary remediation. Organizations unable to patch immediately should disable the Secure Gateway app if it is unused, restrict KV Store write permissions, and enforce strict access controls.
Additionally, developers are advised to avoid deserializing untrusted data with jsonpickle or similar libraries without strict schema validation or class allow-listing.
This vulnerability highlights a recurring security anti-pattern in Python applications: unsafe deserialization of user-controlled data. Even with protective flags enabled, incomplete validation logic can render those safeguards ineffective, resulting in a full system compromise.
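As an added example (not Splunk's or ReactiveZero's code), the validator bypass described above is contrasted with a hardened check: a short-circuiting routine modelled on the reported behaviour of check_alert_data_valid_json(), and a recursive validator that inspects every key and value before anything reaches jsonpickle.decode(). The function names, the tag allowlist and the class prefix are assumptions, and the sample documents are constructed.

```python
ALLOWED_CLASS_PREFIX = "spacebridgeapp."          # assumed expected prefix
# jsonpickle tags that only describe structure and never call into Python code.
ALLOWED_PY_TAGS = {"py/object", "py/tuple", "py/set", "py/state", "py/id"}


def flawed_check(doc):
    """Model of the short-circuit described above (not the real SSG code):
    a permitted py/object seen first means 'valid'; siblings are never read."""
    for key, value in doc.items():
        if key == "py/object" and isinstance(value, str):
            return value.startswith(ALLOWED_CLASS_PREFIX)
        if key.startswith("py/"):
            return False
    return True


def strict_check(node, depth=0):
    """Walk every dict and list before decode. Reject any py/ tag outside the
    allowlist (py/reduce, py/function, py/repr, py/type ...), any py/object
    outside the expected package, and any violation in nested or sibling keys."""
    if depth > 32:                     # bound recursion on adversarial nesting
        return False
    if isinstance(node, dict):
        for key, value in node.items():
            if not isinstance(key, str):
                return False
            if key.startswith("py/") and key not in ALLOWED_PY_TAGS:
                return False
            if key == "py/object" and not (
                isinstance(value, str) and value.startswith(ALLOWED_CLASS_PREFIX)
            ):
                return False
            if not strict_check(value, depth + 1):
                return False
        return True
    if isinstance(node, list):
        return all(strict_check(item, depth + 1) for item in node)
    return isinstance(node, (str, int, float, bool, type(None)))


# Constructed inputs: a benign alert, and a document shaped like the bypass
# (permitted py/object first, py/reduce hidden under the sibling "notification").
BENIGN_ALERT = {
    "py/object": "spacebridgeapp.data.alert_data.Alert",
    "notification": {"title": "disk usage high", "severity": "warning"},
}
BYPASS_SHAPED = {
    "py/object": "spacebridgeapp.data.alert_data.Alert",
    "notification": {"py/reduce": [{"py/function": "os.getcwd"}, {"py/tuple": []}]},
}
```

Run strict_check() on the json.loads() result of the stored document and refuse to call jsonpickle.decode() unless it returns True; the flawed model accepts the bypass-shaped document, the strict walk rejects it.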