MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2026-20265

CVSS 4.3v3.1pub. 2026-06-17upd. 2026-06-22

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Splunk Ai Toolkit

    APP
    Splunk
    5.7.0 – 5.7.4 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-20266CRITICAL9.1ten sam produkt

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS...

CVE-2026-20238MEDIUM6.5ten sam produkt

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' rol...

CVE-2026-20253CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Splunk Enterprise — tworzenie/skracanie plików bez uwierzytelnienia przez sidecar PostgreSQL

CVE-2023-23914CRITICAL9.1ten sam vendor

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS ...

CVE-2022-32221CRITICAL9.8ten sam vendor

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask ...