This vulnerability arises from improper input validation in Splunk Enterprise and certain Splunk Cloud Platform versions when processing usernames containing null bytes or non-UTF-8 percent-encoded bytes. A user with the 'edit_user' privilege can create such usernames, causing inconsistent internal username formatting. This inconsistency can lead to account management issues, such as failure to edit or delete these user accounts. The issue affects multiple versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11 for Splunk Enterprise and corresponding earlier versions of Splunk Cloud Platform. The CVSS 3.1 base score is 6.6, reflecting a medium severity with network attack vector, high privileges required, and high impact on confidentiality, integrity, and availability. No vendor advisory or patch information is currently available to confirm remediation status.

The vulnerability can cause account management inconsistencies in affected Splunk Enterprise and Cloud Platform versions. Specifically, it may prevent administrators with the 'edit_user' capability from editing or deleting user accounts that contain specially crafted usernames with null bytes or invalid Unicode encoding. This could disrupt user management operations and potentially affect system administration workflows. There is no indication of direct remote code execution or data breach from the provided data. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should carefully control and audit users with the 'edit_user' capability to prevent creation of usernames containing null bytes or non-UTF-8 percent-encoded bytes. Avoid creating or accepting usernames with unusual encoding to mitigate the risk of account management inconsistencies.