CVE-2026-20266
Last modified
CVE-2026-20266 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Splunk | AI Toolkit | >= 5.7.0, < 5.7.4 |
References
- https://advisory.splunk.com/advisories/SVD-2026-0614 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-20266?
How severe is CVE-2026-20266?
How do I fix CVE-2026-20266?
Are you affected by CVE-2026-20266?
Source: NVD / NIST
