CVE-2026-20238

Published May 20, 2026

Last updated 4 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-20238 describes a vulnerability found in Splunk AI Toolkit versions prior to 5.7.3. This flaw enables a low-privileged user, who does not possess 'admin' or 'power' roles, to access confidential data that should otherwise be restricted through `srchFilter` configurations on custom roles. The issue stems from a logic error in how the Splunk AI Toolkit manages inherited search filters. An `authorize.conf` configuration file within the application contains an `srchFilter` entry that modifies the built-in 'user' role. Due to the Splunk platform's use of the `OR` SPL operator when combining inherited search filters, this injected filter overrides more restrictive `srchFilter` settings applied to child roles, thereby bypassing intended data segmentation controls.

Description: In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.
Source: psirt@cisco.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@cisco.com: CWE-863

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 7

References