CVE-2026-20265

EUVD-2026-37767

17.06.2026, 18:17

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  

The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
cisco	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
splunk	ai_toolkit	5.7 ≤ 𝑥 < 5.7.4	CNA

Common Weakness Enumeration

CWE-1188 - Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References

https://advisory.splunk.com/advisories/SVD-2026-0613