[CIVN-2026-0334] Multiple Vulnerabilities in Splunk Products

Published On: June 24, 2026

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Splunk AI Toolkit versions prior to 5.7.4
Overview
Multiple vulnerabilities have been reported in Splunk products, which could allow a remote attacker to execute arbitrary OS commands and make outbound requests over HTTP to an attacker-controlled server.
Target Audience:
All organizations and individuals using Splunk products.
Risk Assessment:
Potential for unauthorized access to sensitive information and data exfiltration. 
Impact Assessment:
High risk of information disclosure, privilege misuse, and compromise of confidentiality and integrity.
Description
Splunk is a platform used for searching, monitoring, and analyzing machine-generated data in real time. It collects, indexes, and correlates large volumes of data generated by applications, servers, networks, and other infrastructure components.
These vulnerabilities exist in Splunk products due to an unsafe shell execution pattern in the btool configuration helper, which constructs operating system command strings from dynamic parameters without disabling shell interpretation, and an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
Successful exploitation of these vulnerabilities could allow a user with the Splunk ‘admin’ role to execute arbitrary commands, and could allow a low-privileged user who does not hold the Splunk ‘admin’ or ‘power’ roles to make outbound requests to attacker-controlled servers, which could allow for data exfiltration from the targeted system.
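The unsafe pattern described above (a command string assembled from dynamic parameters and handed to a shell) next to a hardened form, as an added illustration that is not Splunk's or CERT-In's code. The helper names, the conf-name policy and the argv-printing stand-in for the btool binary are assumptions, chosen so the example runs without Splunk installed.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the real binary (assumption, so this runs without Splunk):
# a Python one-liner that prints the argument vector it actually received.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Assumed policy for this sketch: conf names are short lowercase identifiers.
CONF_NAME = re.compile(r"[a-z][a-z0-9_]{0,63}")


def unsafe_list_conf(conf):
    """'Before' pattern: string concatenation, then shell interpretation."""
    prefix = " ".join(shlex.quote(part) for part in ECHO_ARGV)
    cmd = prefix + " btool " + conf + " list"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_argv(conf):
    """No shell: each list element reaches the program as one literal argument."""
    argv = ECHO_ARGV + ["btool", conf, "list"]
    done = subprocess.run(argv, shell=False, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def safe_list_conf(conf):
    """Hardened form: validate the parameter first, then execute without a shell."""
    if not CONF_NAME.fullmatch(conf):
        raise ValueError("rejected conf name: %r" % conf)
    return run_argv(conf)


if __name__ == "__main__":
    sample = "server; echo INJECTED"  # constructed input with a shell metacharacter
    print(unsafe_list_conf(sample))   # the shell splits at ';' and runs a second command
    print(run_argv(sample))           # one literal argument, nothing else runs
    print(safe_list_conf("server"))
```

Passing an argument list with the shell disabled removes the interpretation step entirely; the name check is a second layer that rejects malformed input before anything is executed.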
Solution
Apply appropriate updates as mentioned by the vendor:
https://advisory.splunk.com/advisories/SVD-2026-0613
https://advisory.splunk.com/advisories/SVD-2026-0614
Vendor Information
Splunk
https://advisory.splunk.com/advisories/SVD-2026-0613
https://advisory.splunk.com/advisories/SVD-2026-0614
References
Splunk
https://advisory.splunk.com/advisories/SVD-2026-0613
https://advisory.splunk.com/advisories/SVD-2026-0614
CVE Name
CVE-2026-20265
CVE-2026-20266
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003