EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in the Splunk AI Toolkit, affecting versions. The flaws include an OS command injection that enables remote code execution and an insecure outbound request mechanism that can be leveraged for data exfiltration. Both issues arise from inadequate validation in the btool configuration helper and a permissive domain allowlist, respectively. If exploited, an attacker with administrative privileges could execute arbitrary system commands, while a low‑privileged user could force the toolkit to contact external servers, potentially exposing sensitive information. These weaknesses pose significant operational and reputational risk to organizations relying on Splunk Enterprise.
CVE-2026-20266 with a CVSS score of 9.1 – This OS command injection flaw allows an admin‑role user to craft parameters that are passed to a shell without sanitization, enabling arbitrary command execution on the host; exploitation requires only valid admin credentials.
CVE-2026-20265 with a CVSS score of 4.3 – The vulnerability permits a low‑privileged user to trigger outbound HTTP requests to arbitrary domains due to an overly permissive allowlist, potentially facilitating data exfiltration; no special privileges are needed beyond normal user access.
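The CVE-2026-20266 pattern described above (parameters reaching a shell without sanitization) shown next to a hardened form, as an added example that is not Splunk's code and not part of the original advisory. The install path, the function names, the `splunk btool <conf> list` invocation shape and the sample inputs are assumptions made for illustration.

```python
import re
import subprocess

# Assumption: the helper wraps `splunk btool <conf> list [--app=<app>]`.
SPLUNK_BIN = "/opt/splunk/bin/splunk"  # assumed install path

# Conf and app names must start with an alphanumeric character (blocks
# option injection such as "-debug") and contain no shell or path syntax.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def _checked(name, what):
    """Return name unchanged if it is a plain identifier, else raise."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError(f"rejected {what}: {name!r}")
    return name


def unsafe_btool_command(conf):
    """Flawed pattern: input interpolated into a string meant for shell=True."""
    return f"{SPLUNK_BIN} btool {conf} list"


def build_btool_argv(conf, app=None):
    """Hardened pattern: validated values, one argv element each, no shell."""
    argv = [SPLUNK_BIN, "btool", _checked(conf, "conf name"), "list"]
    if app is not None:
        argv.append("--app=" + _checked(app, "app name"))
    return argv


def run_btool(conf, app=None):
    """Execute without a shell, so metacharacters are never interpreted."""
    return subprocess.run(build_btool_argv(conf, app), shell=False,
                          capture_output=True, text=True, timeout=30, check=False)


def is_rejected(value):
    """True if the hardened builder refuses the value as a conf name."""
    try:
        build_btool_argv(value)
    except ValueError:
        return True
    return False


# Constructed sample inputs: two legitimate conf names, then values that
# the flawed pattern would hand to the shell verbatim.
SAMPLES = ["inputs", "props", "inputs; echo x", "$(echo x)", "-debug", "../x", ""]
REJECTED = [s for s in SAMPLES if is_rejected(s)]
```

Validation and shell-free execution are independent controls here: the argv list alone stops shell interpretation, and the name check additionally stops option and path injection into btool itself.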
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/splunk-ai-toolkit-vulnerabilities/