Skip to main content

Splunk Mcp Server EUVDEUVD-2026-22935

| CVE-2026-20205 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2026-04-15 cisco GHSA-6qfc-m9fp-c5rm
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 17, 2026 - 15:09 nvd
Patch available
Patch available
Apr 16, 2026 - 05:29 EUVD
1.0.3
EUVD ID Assigned
Apr 15, 2026 - 15:30 euvd
EUVD-2026-22935
CVE Published
Apr 15, 2026 - 15:17 nvd
HIGH 7.2

DescriptionCVE.org

In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk _internal index or possesses the high-privilege capability mcp_tool_admin could view users session and authorization tokens in clear text.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. <br><br>Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities and Connecting to MCP Server and Admin settings in the Splunk documentation for more information.

Analysis

In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk _internal index or possesses the high-privilege capability mcp_tool_admin could view users session and authorization tokens in clear text.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. <br><br>Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities and Connecting to MCP Server and Admin settings in the Splunk documentation for more information.

Share

EUVD-2026-22935 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy