CVEFinder.io

CVE-2026-20266

⛔ critical
🔍 Scan for this CVE
Summary

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.

CVSS Score
9.1
Critical
EPSS Score
0.5
Exploit Probability
Published Date
2026-06-17
First Seen: 2026-06-25
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 330,193 vulnerabilities in our database.

#40,600
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 17, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Gabriel Nitu, Splunk
SSVC data provided by CISA
Last Modified 2026-06-22
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-78

📦 Affected Products 1

Vendor Product Status Affected Versions
splunk ai_toolkit Affected
> 5.7.0 < 5.7.4

🔗 References 1

https://advisory.splunk.com/advisories/SVD-2026-0614
Vendor Advisory

🔗 Related CVEs 2

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-20265 🔶 medium 4.3 0.2 In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles ... 2026-06-17
CVE-2026-20238 🔶 medium 6.5 0.0 In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could a... 2026-05-20
These CVEs affect the same products