Skip to main content

Splunk MCP Integration EUVDEUVD-2026-26706

| CVE-2026-7589 MEDIUM
Path Traversal (CWE-22)
2026-05-01 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
PoC Detected
May 01, 2026 - 20:21 vuln.today
Public exploit code
Analysis Generated
May 01, 2026 - 19:30 vuln.today
CVSS changed
May 01, 2026 - 19:22 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)
EUVD ID Assigned
May 01, 2026 - 19:00 euvd
EUVD-2026-26706
Analysis Generated
May 01, 2026 - 19:00 vuln.today
CVE Published
May 01, 2026 - 18:30 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument job_name causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in the CSV Export endpoint of ghantakiran's splunk-mcp-integration allows remote unauthenticated attackers to access arbitrary files on the server by manipulating the job_name parameter in the create_csv_export function. The vulnerability affects all versions up to commit 0b86b09d5e5adf0433acd43c975951224613a1a6, with publicly available exploit code disclosed via GitHub issue; no vendor patch has been released despite early notification.

Technical ContextAI

The vulnerability exists in the CSV Export component (csv_export.py) where the create_csv_export function in the v1 API endpoint fails to sanitize the job_name argument before using it in file path operations. This classic CWE-22 path traversal flaw allows attackers to inject directory traversal sequences (such as ../) to navigate outside the intended directory and access sensitive files. The affected product is a Splunk integration tool written in Python using a rolling-release continuous delivery model, meaning specific version numbers are not tracked; instead, a Git commit hash (0b86b09d5e5adf0433acd43c975951224613a1a6) marks the last known vulnerable state.

RemediationAI

No vendor-released patch is currently available; the project maintainer has not responded to the early notification despite the public disclosure. Immediate mitigation requires either removing the splunk-mcp-integration tool from production use or implementing network-layer compensating controls: restrict HTTP/HTTPS access to the CSV Export endpoint (/api/v1/endpoints/csv_export) by IP whitelist, limiting access to trusted internal administrative networks only; disable the CSV Export feature entirely if not actively used by blocking requests to the /csv_export path prefix; implement rate limiting and request validation at a reverse proxy (nginx, Apache) to reject job_name parameters containing path traversal sequences (../, ..\, encoded variants); or deploy a Web Application Firewall (WAF) rule to sanitize the job_name parameter. Organizations should monitor the GitHub repository (https://github.com/ghantakiran/splunk-mcp-integration/) and VulDB advisory (https://vuldb.com/vuln/360542) for any future security updates from the maintainer. If the tool is critical to operations, consider forking the repository to apply a local patch that sanitizes the job_name parameter by removing or rejecting ../ sequences before file path construction.

More in Splunk

View all
CVE-2026-20253 CRITICAL POC
9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2024-36985 HIGH POC
8.8 Jul 01

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or powe

CVE-2023-46214 HIGH POC
8.8 Nov 16

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet la

CVE-2023-32707 HIGH POC
8.8 Jun 01

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100,

CVE-2022-43571 HIGH POC
8.8 Nov 03

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through t

CVE-2022-43567 HIGH POC
8.8 Nov 04

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system c

CVE-2023-22934 HIGH POC
8.0 Feb 14

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets

CVE-2022-43566 HIGH POC
8.0 Nov 04

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more

CVE-2024-36991 HIGH POC
7.5 Jul 01

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on t

CVE-2024-36990 MEDIUM POC
6.5 Jul 01

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an a

CVE-2017-17067 CRITICAL
9.8 Nov 30

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and

CVE-2013-6771 CRITICAL
9.3 Aug 07

Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitr

Share

EUVD-2026-26706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy