CVE Catalog

CVE-2026-20265

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the 'admin' or 'power' roles could cause the toolkit to make outbound HTTP requests to a server controlled by an attacker, potentially leading to data exfiltration.

Risk Assessment

This vulnerability poses a risk of data leakage as it allows unauthorized users to send requests to malicious servers.

Recommendation

It is recommended to upgrade to Splunk AI Toolkit version 5.7.4 or later and review the allowlist settings to restrict requests to approved external domains.

Original NVD description (English source)

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS