securityonline.info 6/17/2026, 8:12:32 PM · external

Splunk AI Toolkit flaw allows arbitrary command execution

CyberSIXT Evidence Panel
Primary Source: advisory.splunk.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

The Splunk AI Toolkit has two critical vulnerabilities: CVE-2026-20266, an OS command injection issue rated at CVSS 9.1, and CVE-2026-20265, an insecure default domain allowlist rated at CVSS 4.3. Patches are available in version 5.7.4. The OS command injection flaw allows attackers to execute arbitrary commands on the host, while the second flaw can lead to data exfiltration. Organizations are urged to update to the latest version immediately to mitigate risks.


Article by CyberSIXT