What is the official website of Splunk ?

The official website of Splunk is http://www.splunk.com.

What is Splunk's cybersecurity risk score?

Splunk has an AI-generated cybersecurity risk score of 774 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Splunk experienced?

According to Rankiteo, Splunk currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Splunk been affected by any supply chain cyber incidents ?

According to Rankiteo, Splunk has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Oracle (Incident ID: ORA1780418023) Splunk (Incident ID: SPLCIS1781519269)

Does Splunk have SOC 2 Type 1 certification ?

According to Rankiteo, Splunk is not certified under SOC 2 Type 1.

Does Splunk have SOC 2 Type 2 certification ?

According to Rankiteo, Splunk does not hold a SOC 2 Type 2 certification.

Does Splunk comply with GDPR ?

According to Rankiteo, Splunk is not listed as GDPR compliant.

Does Splunk have PCI DSS certification ?

According to Rankiteo, Splunk does not currently maintain PCI DSS compliance.

Does Splunk comply with HIPAA ?

According to Rankiteo, Splunk is not compliant with HIPAA regulations.

Does Splunk have ISO 27001 certification ?

According to Rankiteo,Splunk is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Splunk operate in ?

Splunk operates primarily in the Software Development industry.

How many employees does Splunk have ?

Splunk employs approximately 9,686 people worldwide.

Does Splunk own any subsidiaries ?

Splunk presently has no subsidiaries across any sectors.

How many LinkedIn followers does Splunk have ?

Splunk's official LinkedIn profile has approximately 772,636 followers.

What is the NAICS classification code for Splunk ?

Splunk is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Splunk have a Crunchbase profile ?

Yes, Splunk has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/splunk.

Does Splunk have a LinkedIn profile ?

Yes, Splunk maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/splunk.

How many cybersecurity incidents has Splunk experienced ?

As of June 16, 2026, Rankiteo reports that Splunk has experienced 6 cybersecurity incidents.

How many peer or competitor companies does Splunk have ?

Splunk has an estimated 30,082 peer or competitor companies worldwide.

What types of cybersecurity incidents has Splunk faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Splunk

Boost Score +25 with badge (5 left)

774

/1000

Fair

799

/1000

Fair

Splunk Vendor Cyber Rating & Cyber Score

splunk.com

cb in

Add Your Compliance Badge

Splunk is helping to build a safer and more resilient digital world by equipping customers with the unified security and observability platform they need to keep their organization securely up and running — no matter what digital disruptions come their way.

Splunk A.I CyberSecurity Scoring

Scoring History

Splunk

Splunk CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Splunk

Vulnerability

100

6/2026

Oracle

ORA1780418023

Splunk

Vulnerability

100

6/2026

Splunk

SPLCIS178151926...

Splunk

Vulnerability

4/2026

SPL1776320620

Splunk

Vulnerability

3/2026

SPL1773304071

Splunk

Vulnerability

6/2025

SPOMITSPL176777...

Splunk

Vulnerability

100

3/2025

SPL355032725

Loading…

A.I.

Splunk Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Splunk

Incidents vs Software Development Industry Avg (This Year)

Splunk has 280.95% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Splunk has 273.83% more incidents than the average of all companies with at least one recorded incident.

Incident Types Splunk vs Software Development Industry Avg (This Year)

Splunk reported 4 incidents this year: 0 cyber attacks, 0 ransomware, 4 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History - Splunk (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Splunk Subsidiaries

Splunk

Software Development

Website: http://www.splunk.com

Company Size: 5,001-10,000 employees

Splunk Training and CertificationSoftware Development

.conf25Software Development

Loading…

Splunk Similar Companies

KPIT

kpit.com

About KPIT KPIT is reimagining the future of mobility, forging ahead with group companies and partners to shape a world that is cleaner, smarter, and safer. With over 25 years of specialized expertise in Mobility, KPIT is accelerating the transformation towards Software and AI-Defined Vehicles through its advanced solutions, platforms, and products—propelled by mobility-infused AI frameworks, software craftsmanship, and systems integration mastery. Vision in Motion Fueled by 2000+ vehicle production programs and powering 20+ million vehicles on the road with KPIT software, our experience in unmatched. At the same time, we push boundaries, developing solutions that enable Mobility OEMs to innovate at speed and scale. For more details, visit www.kpit.com

Canva

canva.com

We're a global online visual communications platform on a mission to empower the world to design. Featuring a simple drag-and-drop user interface and a vast range of templates ranging from presentations, documents, websites, social media graphics, posters, apparel to videos, plus a huge library of fonts, stock photography, illustrations, video footage, and audio clips, anyone can take an idea and create something beautiful on Canva on any device, from anywhere in the world. Since our launch in 2013, we’ve had the crazy big goal of making design accessible to everyone. We were founded on the belief that people shouldn't need to understand complex software to unlock their creativity. We’re leveling the playing field and democratizing access to design and visual communication by empowering 100% of the world to communicate in a way that was once limited to the 1%. We've always had a deeper mission surrounding Canva — which we talk about as our 'simple' two-step plan: to build one of the world’s most valuable companies, and to do the most good we possibly can. We're committed to our core value of Being a Force for Good, so as the value of our company grows, so too does our ability to have a positive impact on the world.

IGT

IGT.com

IGT is a leading global provider of gaming, digital and financial technology solutions, formed through the combination of International Game Technology PLC’s Gaming & Digital Business and Everi Holdings Inc. IGT’s offering spans gaming machines, game content and systems, iGaming, sports betting, cash access, loyalty and player engagement solutions, enabling it to deliver integrated, customer-centric experiences across land-based and digital environments. Organized into Gaming, Digital and FinTech business units, IGT drives innovation, efficiency and value for casino, digital and hospitality operators worldwide. The company is headquartered in Las Vegas.

Synopsys Inc

cb synopsys.com

Synopsys is the leader in engineering solutions from silicon to systems, enabling customers to rapidly innovate AI-powered products. We deliver industry-leading silicon design, IP, simulation and analysis solutions, and design services. We partner closely with our customers across a wide range of industries to maximize their R&D capability and productivity, powering innovation today that ignites the ingenuity of tomorrow.

ByteDance

bytedance.com

ByteDance is a global incubator of platforms at the cutting edge of commerce, content, entertainment and enterprise services - over 2.5bn people interact with ByteDance products including TikTok. Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible. Together, we inspire creativity and enrich life - a mission we aim towards achieving every day. At ByteDance, we create together and grow together. That's how we drive impact - for ourselves, our company, and the users we serve. We are committed to building a safe, healthy and positive online environment for all our users. We have over 110,000 employees based in more than 30 countries globally. Join us.

Juniper Networks

juniper.net

Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniper’s sole mission has been to create innovative products and solutions that meet the growing demands of the connected world. Juniper Networks is headquartered in Sunnyvale, California, with over 9,000 employees in 50 countries and nearly $5 billion in revenue. Our customers include the top 100 global service providers and 30,000 enterprises, including the Global Fortune 100 as well as hundreds of federal, state and local government agencies and higher educational organizations. At Juniper Networks, we believe the network is the single greatest vehicle for knowledge, understanding, and human advancement that the world has ever known. Now more than ever, the world needs network innovation to connect ideas and unleash our full potential. Juniper is taking a new approach to the network — one that is intelligent, agile, secure and open to any vendor and any network environment. To learn more about Juniper, our products, and our vision for the decade ahead, visit our site at https://www.juniper.net. Acquired by Hewlett Packard Enterprise in 2025.

Siemens Digital Industries Software

siemens.com

We help organizations of all sizes digitally transform using software, hardware and services from the Siemens Xcelerator business platform. Our software and the comprehensive digital twin enable companies to optimize their design, engineering and manufacturing processes to turn today's ideas into the sustainable products of the future. From chips to entire systems, from product to process, across all industries. We help transform the everyday as part of @Siemens, To learn more, visit http://sw.siemens.com.

Workday

workday.com

Workday is a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Workday applications for financial management, human resources, planning, spend management, and analytics are built with artificial intelligence and machine learning at the core to help organizations around the world embrace the future of work. Workday is used by more than 10,000 organizations around the world and across industries – from medium-sized businesses to more than 50% of the Fortune 500.

Daraz

cb daraz.com

Founded in 2015, Daraz is the leading e-commerce platform in South Asia with operations in Pakistan, Bangladesh, Sri Lanka, Nepal, and Myanmar. It provides sellers and consumers with cutting-edge marketplace technology, targeting a rapidly growing region of over 500 million people. By building an integrated infrastructure covering e-commerce, logistics, payment and financial services, the company aims to deliver an immersive, personalized shopping experience and uplift South Asian communities through the power of commerce. Daraz has consistently invested in building an e-commerce ecosystem in South Asia through advancements in technology, logistics and digital payments. As digital penetration and consumer awareness have surged, the region is now ready for a transformative leap. Leveraging new-age advancements such as AI, Daraz is poised to further enhance the platform’s efficiency to enable a seamless experience for its consumers and sellers. Visit https://www.daraz.com/ to learn more.

Loading…

NEWS

Splunk CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 10, 2026 09:33 AM

Security Analytics Market to Reach US$ 15.42 Billion by 2033

Press release - DataM Intelligence 4Market Research LLP - Security Analytics Market to Reach US$ 15.42 Billion by 2033 Growing at 10.3% CAGR...

Read Article

March 04, 2026 10:28 PM

Former Splunk CEO: The Cybersecurity Industry’s $119 Billion Record Year Is Masking a Structural Crisis

Aviatrix CEO Doug Merritt to challenge conventional wisdom at Momentum Cyber's AIxCYBER event in Austin.

Read Article

February 26, 2026 08:00 AM

Splunk’s Paul Kurtz highlights urgency around AI-driven security strategies

Paul Kurtz, Chief Cybersecurity Advisor for Splunk, discussed the evolving challenges in cybersecurity, particularly the impact of AI on...

Read Article

February 20, 2026 08:00 AM

Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access

Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access ... Splunk has disclosed a high-severity...

Read Article

February 20, 2026 07:10 AM

Splunk Enterprise for Windows Vulnerability Allows DLL Hijacking and SYSTEM Access

A serious security flaw in Splunk Enterprise for Windows exposes organizations to local privilege escalation attacks through DLL search-order hijacking.

Read Article

February 09, 2026 08:00 AM

Integrating With Cisco XDR at Black Hat Europe

Cisco XDR's open platform powered the Black Hat Europe NOC. Explore our integrations with Corelight, Palo Alto Networks, and Splunk for...

Read Article

February 05, 2026 07:06 PM

John Morgan

John Morgan is Senior Vice President and General Manager of Splunk Security. In this role, he leads the strategy and innovation for Splunk's security...

Read Article

January 20, 2026 08:00 AM

CRWD vs. CSCO: Which Cybersecurity Stock Has an Edge Right Now?

CrowdStrike CRWD and Cisco Systems CSCO are well-known players in the cybersecurity domain. While CrowdStrike specializes in endpoint...

Read Article

January 06, 2026 08:00 AM

10 Prominent Cybersecurity Acquisitions of 2026

Cybersecurity market is set to grow from $153.6bn to $424.9bn. While mergers and cybersecurity acquisitions (M&A) are significantly...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…