CVE-2026-7589
Received Received - Intake
Path Traversal in ghantakiran Splunk-MCP-Integration

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: VulDB

Description
A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This manipulation of the argument job_name causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7589
EUVD
EUVD-2026-26706
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ghantakiran splunk-mcp-integration to 0b86b09d5e5adf0433acd43c975951224613a1a6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the ghantakiran splunk-mcp-integration component, specifically in the create_csv_export function of the CSV Export service. It involves manipulation of the job_name argument, which leads to a path traversal issue. This means an attacker can craft input to access files or directories outside the intended scope.

The attack can be initiated remotely, and the exploit has been publicly disclosed, meaning it is known and potentially usable by attackers.

Impact Analysis

The path traversal vulnerability allows an attacker to access files or directories outside the intended directory structure by manipulating the job_name argument. This can lead to unauthorized access to sensitive files on the system.

Since the attack can be performed remotely without authentication, it increases the risk of exploitation and potential data exposure.

Compliance Impact

The vulnerability allows an authenticated attacker with csv_create permission to perform arbitrary file writes outside the intended directory via path traversal in the job_name parameter. This can lead to integrity and availability impacts by creating or overwriting files in unauthorized locations.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability to write arbitrary files could potentially lead to unauthorized data exposure or manipulation, which may violate data protection and security requirements under these regulations.

Mitigations such as sanitizing input, enforcing path resolution checks, and using server-side generated filenames are recommended to reduce the risk and help maintain compliance with security best practices.

Detection Guidance

This vulnerability can be detected by monitoring for unusual file creation or modification activities outside the intended CSV output directory, especially involving file paths with traversal patterns in the job_name parameter.

Since the vulnerability involves the create_csv_export function accepting a job_name parameter that allows path traversal, detection can focus on identifying requests or logs where job_name contains traversal tokens such as '../'.

Suggested commands to detect potential exploitation attempts include searching application logs or audit logs for suspicious job_name values:

  • grep -r "job_name=.*\.\./" /path/to/logs
  • grep -r "job_name=.*\/\/" /path/to/logs
  • find / -path "*/tmp/csv_poc*" -type f

Additionally, monitoring file creation outside the expected CSV_OUTPUT_DIR directory can help detect exploitation.

Mitigation Strategies

Immediate mitigation steps include sanitizing the job_name parameter to prevent path traversal by stripping path separators and traversal tokens.

Other recommended mitigations are:

  • Enforce server-side generation of filenames using UUIDs instead of relying on user input.
  • Implement path resolution checks to ensure files are created only within the intended CSV_OUTPUT_DIR directory.
  • Restrict permissions to only authenticated users with the csv_create permission.

Monitoring and alerting on suspicious file creation attempts can also help mitigate impact until a patch or update is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart