Description
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.

The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
Published: 2026-06-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Splunk AI Toolkit versions earlier than 5.7.4, an insecure default domain allowlist permits outbound HTTP requests to any external server. A low-privileged user with no "admin" or "power" role can trigger the AI agent to contact an attacker-controlled host, enabling data exfiltration in the context of the Splunk instance. The flaw is classified as CWE-1188, Initialization of a Resource with an Insecure Default.

Affected Systems

Splunk AI Toolkit 5.7.3 and earlier are vulnerable. The issue does not affect 5.7.4 or later releases where the allowlist restriction is implemented.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate risk, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. A likely attack vector is a local user with limited permissions executing a command that forces the toolkit to perform an outbound HTTP request; by inference, an attacker must already have local access to the Splunk system or exploit a related privilege-escalation flaw to widen the reach.

Generated by OpenCVE AI on June 18, 2026 at 18:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Splunk AI Toolkit to version 5.7.4 or later, where the outbound domain allowlist is properly enforced.
  • Configure the toolkit with an explicit approved domain allowlist and remove the insecure defaults to limit outbound traffic.
  • Implement network firewall rules that restrict outbound connections from the Splunk AI services to only the domains and IP ranges specified in the allowlist.
  • Conduct periodic audits of outbound connections and review the allowlist configuration for any unauthorized changes.


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Splunk; Splunk splunk Ai Toolkit
Vendors & Products | | Splunk; Splunk splunk Ai Toolkit

Thu, 18 Jun 2026 04:45:00 +0000

Type | Values Removed | Values Added
Description | | In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
Title | | Insecure Default Domain Allowlist in Splunk AI Toolkit
Weaknesses | | CWE-1188
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-17T18:04:30.312Z

Reserved: 2025-10-08T11:59:15.402Z

Link: CVE-2026-20265

Vulnrichment

Updated: 2026-06-17T18:04:27.161Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:45:03Z

Weaknesses
  • CWE-1188

    Initialization of a Resource with an Insecure Default