CVE-2026-20265 | In Splunk AI Toolkit versions below 5.7.4, a low-privileged … | CVSS 4.3 MEDIUM

Description

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.

Metadata

CVE ID: CVE-2026-20265
State: PUBLISHED
Assigner: cisco
Reserved: 2025-10-08 11:59 UTC
Published: 2026-06-17 17:07 UTC
Last updated: 2026-06-17 18:04 UTC
Primary CWE: CWE-1188
The software initializes or sets a resource with a default t…
Vendor / Product: Splunk / Splunk AI Toolkit
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Splunk	Splunk AI Toolkit	—	5.7 < 5.7.4

Weakness (CWE)

CWE	Source	Description
CWE-1188	cna	The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (1)

https://advisory.splunk.com/advisories/SVD-2026-0613