Impact
Splunk AI Toolkit versions older than 5.7.4 allow a user with the "admin" role to execute arbitrary operating system commands on the host running Splunk Enterprise. The flaw stems from the btool configuration helper building shell command strings from dynamic parameters without disabling shell interpretation, a classic OS command injection vulnerability. As a result, an attacker who obtains admin credentials can run any command on the underlying host, compromising the confidentiality, integrity, and availability of the system. This is a high-impact weakness classified as CWE-78.
Affected Systems
The vulnerability affects Splunk AI Toolkit. Any installation of the toolkit below version 5.7.4 is susceptible. The tool is part of the Splunk platform, so any Splunk Enterprise instance that includes the AI Toolkit and can be accessed by users with the admin role is impacted.
Risk and Exploitability
The CVSS score of 9.1 indicates critical severity. The EPSS score is below 1%, suggesting a low but nonzero likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog, meaning no confirmed in-the-wild exploitation has been recorded. Based on the description, an attacker would first need to gain or abuse an admin role within Splunk Enterprise, either through credential compromise or by exploiting another vulnerability that elevates privileges. Once admin access is achieved, the attacker can invoke arbitrary OS commands via the btool helper, leading to full system compromise.
OpenCVE Enrichment