Splunk is a cornerstone of many security and operations teams, trusted to ingest, index, and analyze machine data across the enterprise. That trust makes any vulnerability in Splunk especially consequential. In February 2026 Splunk disclosed a high-severity Windows-specific vulnerability (CVE-2026-20140) that allows a low-privileged local user to perform a DLL search-order hijacking attack and gain SYSTEM-level privileges. The mechanics are