This vulnerability affects Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below specified builds. A low-privileged user without admin or power roles and without the accelerate_datamodel capability can improperly toggle Data Model Acceleration because access control restrictions are not correctly enforced. The CVSS 3.1 base score is 4.3, reflecting a network attack vector with low complexity and low privileges required, causing integrity impact only.

The vulnerability allows unauthorized modification of Data Model Acceleration settings by low-privileged users, potentially impacting the integrity of data processing configurations. There is no impact on confidentiality or availability. No known exploits are reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since this affects specific versions below certain releases, upgrading to the fixed versions listed by Splunk when available is recommended. Until then, restrict write permissions on apps to trusted users and review role assignments to minimize exposure.