πŸ” CVE Alert

CVE-2026-20238

MEDIUM 6.5

Improper Access Control through Role Inheritance in Splunk AI Toolkit app

CVSS Score: 6.5
EPSS Score: 0.0%
EPSS Percentile: 0th

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user who does not hold the 'admin' or 'power' role could access confidential data that had been restricted through `srchFilter` settings on custom roles.

The app ships an `authorize.conf` configuration file containing a `srchFilter` entry that modifies the built-in 'user' role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.
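As an added example (not code from the advisory or from Splunk), the script below audits `authorize.conf` role stanzas for the pattern described above: it follows `importRoles`, collects every `srchFilter` a member effectively gets, and reports roles whose own filter is OR-ed with a different inherited clause. The stanza contents are constructed for illustration; only the setting names (`[role_*]`, `srchFilter`, `importRoles`) are real Splunk settings.

```python
import configparser
import re

# Constructed sample (not the app's real configuration): an app-shipped [role_user]
# stanza adds a srchFilter to the built-in role; a custom role importing 'user' is narrower.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
srchFilter = index=app_data OR index=_internal

[role_analyst_restricted]
importRoles = user
srchFilter = index=app_data sourcetype=app:sanitized

[role_reporting]
importRoles = analyst_restricted
"""

def parse_roles(conf_text):
    """Return {role: {lowercased setting: value}} for every [role_*] stanza."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    return {name[len("role_"):]: dict(parser[name])
            for name in parser.sections() if name.startswith("role_")}

def effective_filters(role, roles, seen=None):
    """srchFilter clauses that apply to a member of `role`: its own first, then those
    inherited via importRoles. Splunk ORs them, so a broad parent clause widens the child."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # cycle guard / unknown parent
        return []
    seen.add(role)
    own = roles[role].get("srchfilter", "").strip()
    clauses = [own] if own else []
    for parent in re.split(r"[;\s]+", roles[role].get("importroles", "").strip()):
        if parent:
            clauses.extend(effective_filters(parent, roles, seen))
    return clauses

def find_widened_roles(roles):
    """Roles whose own srchFilter is OR-ed with a different inherited clause: {role: [clauses]}."""
    findings = {}
    for name, settings in roles.items():
        own = settings.get("srchfilter", "").strip()
        if not own:
            continue
        inherited = [c for c in effective_filters(name, roles)[1:] if c != own]
        if inherited:
            findings[name] = inherited
    return findings
```

Run against an app's bundled `default/authorize.conf` merged with the local roles; any role reported has a restriction that is not enforced as written.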

CWE: CWE-863
Vendor: Splunk
Product: Splunk AI Toolkit
Published: May 20, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: None (I:N)
Availability: None (A:N)

Affected Versions

Splunk / Splunk AI Toolkit: versions from 5.7 up to, but not including, 5.7.3

References

NVD, CVE.org, EPSS Data
advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2026-0502

Credits

Martin Muller, Splunk