CVE-2026-20238

Published May 20, 2026

Last updated 2 months ago

CVSS medium 6.5
Splunk AI Toolkit
Splunk Platform

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-20238 describes a vulnerability found in Splunk AI Toolkit versions prior to 5.7.3. This flaw enables a low-privileged user, who does not possess 'admin' or 'power' roles, to access confidential data that should otherwise be restricted through `srchFilter` configurations on custom roles. The issue stems from a logic error in how the Splunk AI Toolkit manages inherited search filters. An `authorize.conf` configuration file within the application contains an `srchFilter` entry that modifies the built-in 'user' role. Due to the Splunk platform's use of the `OR` SPL operator when combining inherited search filters, this injected filter overrides more restrictive `srchFilter` settings applied to child roles, thereby bypassing intended data segmentation controls.

Description
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.
Source
psirt@cisco.com
NVD status
Analyzed
Products
ai_toolkit

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-863

Social media

Hype score
Not currently trending
  1. Splunk の脆弱性 CVE-2026-20238/20239/20240 が FIX:DoS 攻撃や機密情報漏洩の恐れ https://t.co/StxJU5o36l Splunk の新たな脆弱性は、ロール継承時の条件結合の不備/ログ出力時のサニタイズ不足/スクリプトにおける入

    @iototsecnews

    28 May 2026

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Warning: #Splunk has released security updates addressing multiple vulnerabilities, including CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240, across #Splunk Enterprise, #Splunk Cloud Platform, and #Splunk AI Toolkit. Risks of DoS conditions and sensitive data exposure. #Patch

    @CCBalert

    26 May 2026

    180 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. شركة (Splunk) نزلت ٣ تحديثات أمنية للمنتجات التالية 📍 ثغرة (CVE-2026-20238 | CVSS 6.5) المنتج المتأثر: (Splunk AI Toolkit) 📍 ثغرة (CVE-2026-20239 | CVSS 7.5) المنتج المتأثر: (Splunk Enterprise) و (Splu

    @buhaimedi

    24 May 2026

    3845 Impressions

    2 Retweets

    32 Likes

    31 Bookmarks

    1 Reply

    0 Quotes

  4. خطرناک اون زمانی هست که برای سیستم تشخیص نفوذ باگ منتشر بشه . برای Splunk چند آسیب پذیری با کدهای شناسایی CVE-2026-20238 و CVE-2026-20239 و CVE-2026-20240 منتشر شده که علاوه بر ای

    @EthicalSafe

    22 May 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Splunkが深刻な脆弱性を修正。DoSのCVE-2026-20240やエラー時のバッファ漏洩CVE-2026-20239、AI Toolkitの機密情報漏洩CVE-2026-20238。 https://t.co/v5Y8zWQPFh

    @__kokumoto

    22 May 2026

    728 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.