3 matches found
CVE-2026-20266
Summary: CVE-2026-20266 affects Splunk AI Toolkit
CVE-2026-20238
The CVE affects Splunk AI Toolkit prior to 5.7.3. A low-privilege user (not admin/power) can access data restricted by srchFilter settings in authorize.conf. The toolkit stores a srchFilter entry that alters the built-in user role; Splunk’s inheritance with OR in search filters allows the injecte...
CVE-2026-20265
Splunk AI Toolkit has a vulnerability in versions below 5.7.4 where a low-privilege user (not admin/power) can cause the toolkit to issue outbound HTTP requests to an attacker-controlled server due to an insecure default domain allowlist. This could enable data exfiltration. Root cause: outbound ...