CVE-2026-20266
Received - Intake
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Cisco Systems, Inc.

Description
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-18
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
splunk | splunk_ai_toolkit | to 5.7.4 (exc)
CWE ID | Description
CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Executive Summary

CVE-2026-20266 is a critical OS command injection vulnerability found in Splunk AI Toolkit versions below 5.7.4.

This vulnerability allows a user with the "admin" Splunk role to execute arbitrary operating system commands on the host running the Splunk Enterprise instance.

The root cause is an unsafe shell execution pattern in the btool configuration helper, which builds OS command strings from dynamic parameters without disabling shell interpretation, enabling command injection.
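The pattern named in the root cause, shown beside a hardened form as an added example; this is not Splunk's code and not taken from the advisory. The parameter names `conf` and `app`, the binary path, the allow-list regex and the sample value are assumptions made for illustration.

```python
import re
import shlex

# Assumption: conf and app names are plain identifiers; a leading "-" is
# refused so a value cannot be read as a btool option.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")
SEPARATORS = {";", "&", "&&", "|", "||"}


def unsafe_btool_command(conf, app):
    """Weak pattern: one string that would be run with shell=True."""
    return f"splunk btool {conf} list --app={app}"


def safe_btool_argv(conf, app, splunk_bin="/opt/splunk/bin/splunk"):
    """Hardened pattern: argv list for subprocess.run(argv, shell=False)."""
    for label, value in (("conf", conf), ("app", app)):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"rejected {label}: {value!r}")
    return [splunk_bin, "btool", conf, "list", f"--app={app}"]


def shell_command_count(command):
    """Approximate how many commands a POSIX shell sees in a string.

    Counts control operators (; & && | ||) only; substitutions such as
    $(...) are not counted.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return 1 + sum(token in SEPARATORS for token in lexer)


if __name__ == "__main__":
    constructed = "inputs; echo CONSTRUCTED"  # constructed sample value
    print(shell_command_count(unsafe_btool_command("inputs", "search")))
    print(shell_command_count(unsafe_btool_command(constructed, "search")))
    try:
        safe_btool_argv(constructed, "search")
    except ValueError as exc:
        print(exc)
    print(safe_btool_argv("inputs", "search"))
```

The string form turns one parameter into a second command once a shell parses it, while the list form passes each value as a single argument and rejects anything outside the allow-list before the process is started.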

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker with admin privileges in Splunk to execute arbitrary OS commands on the host system.

Such command execution can lead to full compromise of the host, including unauthorized data access, data modification, service disruption, or further network penetration.

Given the CVSS score of 9.1 (Critical), the risk level is very high.

Detection Guidance

No official detection methods or commands are currently available for this vulnerability.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Splunk AI Toolkit to version 5.7.4 or higher.

As a temporary workaround, you can uninstall the Splunk AI Toolkit app.

Compliance Impact

This vulnerability allows users with the "admin" Splunk role to execute arbitrary OS commands on the host running Splunk Enterprise, which can lead to unauthorized access, data breaches, and system compromise.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and system security.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to compromised data protection and system integrity.
