CVE-2026-20265 – Splunk AI Toolkit

CVSS 4.3 MODERATE Critical or Zero Day – Immediate Deployment

“AI integrations create new opportunities for productivity, but also new paths to system compromise when controls fail.”

Splunk patched two vulnerabilities in Splunk AI Toolkit versions below 5.7.4. CVE-2026-20266 has a CVSS score of 9.1, which is Critical severity. CVE-2026-20265 has a CVSS score of 4.3, which is Medium severity.

The update addresses an OS command injection vulnerability caused by unsafe shell execution in the btool configuration helper and an outbound request control weakness caused by an insecure default domain allowlist. Successful exploitation of CVE-2026-20266 could allow an administrator to execute arbitrary operating system commands on the host running Splunk Enterprise. CVE-2026-20265 could allow a low-privileged user to trigger outbound HTTP requests to attacker-controlled infrastructure, creating a potential data exfiltration path.

No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Splunk Ai Toolkit
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-1188
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.