CVE-2026-20265
Published 2026-06-17
Priority P4 · 23 · Medium · 4.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.22% (12.0th percentile)
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.
The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | ai_toolkit | >= 5.7.0 < 5.7.4 | 5.7.4 |
| splunk | splunk_ai_toolkit | >= 5.7 < 5.7.4 | 5.7.4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| cvelistv5 | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
GHSA
ghsa_unreviewed · 2026-06-17 · CVE-2026-20265 [MEDIUM] CWE-1188
Same description as above.
CVEList
cvelistv5 · 2026-06-17 · CVSS 4.3 · CVE-2026-20265 [MEDIUM] CWE-1188
Insecure Default Domain Allowlist in Splunk AI Toolkit. Same description as above.
VulDB
vuldb · 2026-06-17 · CVE-2026-20265 [LOW]
Splunk AI Toolkit up to 5.7.3 Outbound Requests insecure default initialization of resource (SVD-2026-0613)
A vulnerability classified as problematic has been found in Splunk AI Toolkit up to 5.7.3. Impacted is an unknown function of the component Outbound Requests Handler. This manipulation causes insecure default initialization of resource.
This vulnerability is tracked as CVE-2026-20265. The attack can be initiated remotely. No exploit is available.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.