CVE-2025-20381 SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool

In Splunk MCP Server app versions below 0.2.4, a user with access to the "runsplunkquery" Model Context Protocol MCP tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...

Splunk MCP Server 安全漏洞

Splunk MCP Server is a multi-cloud platform server from Splunk USA. A security vulnerability exists in Splunk MCP Server versions prior to 0.2.4, which stems from the runsplunkquery tool that can bypass the SPL Command Allow List control, potentially leading to unauthorized operations...