CVE-2026-20205

HIGH 7.2

Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users session and authorization tokens in clear text.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. <br><br>Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Connecting to MCP Server and Admin settings](https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings) in the Splunk documentation for more information.

CWE	CWE-532
Vendor	splunk
Product	splunk mcp server
Published	Apr 15, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for splunk splunk mcp server

Be the first to know when new high vulnerabilities affecting splunk splunk mcp server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Splunk / Splunk MCP Server

1.0 < 1.0.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2026-0407

Credits

Charlie Huggard, Splunk