CVE-2026-20266
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
In Splunk AI Toolkit versions below 5.7.4, a user with the 'admin' role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is due to an unsafe shell execution pattern in the btool configuration helper.
Risk Assessment
The organization may be exposed to unauthorized execution of OS commands, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to upgrade to Splunk AI Toolkit version 5.7.4 or later to mitigate this vulnerability.
Original NVD description (English source)
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.

