CVE-2026-20238
Published May 20, 2026
Last updated 2 months ago
AI description
CVE-2026-20238 describes a vulnerability found in Splunk AI Toolkit versions prior to 5.7.3. This flaw enables a low-privileged user, who does not possess 'admin' or 'power' roles, to access confidential data that should otherwise be restricted through `srchFilter` configurations on custom roles. The issue stems from a logic error in how the Splunk AI Toolkit manages inherited search filters. An `authorize.conf` configuration file within the application contains an `srchFilter` entry that modifies the built-in 'user' role. Due to the Splunk platform's use of the `OR` SPL operator when combining inherited search filters, this injected filter overrides more restrictive `srchFilter` settings applied to child roles, thereby bypassing intended data segmentation controls.
- Description
- In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- ai_toolkit
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-863
- Hype score
- Not currently trending
Splunk の脆弱性 CVE-2026-20238/20239/20240 が FIX:DoS 攻撃や機密情報漏洩の恐れ https://t.co/StxJU5o36l Splunk の新たな脆弱性は、ロール継承時の条件結合の不備/ログ出力時のサニタイズ不足/スクリプトにおける入
@iototsecnews
28 May 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: #Splunk has released security updates addressing multiple vulnerabilities, including CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240, across #Splunk Enterprise, #Splunk Cloud Platform, and #Splunk AI Toolkit. Risks of DoS conditions and sensitive data exposure. #Patch
@CCBalert
26 May 2026
180 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
شركة (Splunk) نزلت ٣ تحديثات أمنية للمنتجات التالية 📍 ثغرة (CVE-2026-20238 | CVSS 6.5) المنتج المتأثر: (Splunk AI Toolkit) 📍 ثغرة (CVE-2026-20239 | CVSS 7.5) المنتج المتأثر: (Splunk Enterprise) و (Splu
@buhaimedi
24 May 2026
3845 Impressions
2 Retweets
32 Likes
31 Bookmarks
1 Reply
0 Quotes
خطرناک اون زمانی هست که برای سیستم تشخیص نفوذ باگ منتشر بشه . برای Splunk چند آسیب پذیری با کدهای شناسایی CVE-2026-20238 و CVE-2026-20239 و CVE-2026-20240 منتشر شده که علاوه بر ای
@EthicalSafe
22 May 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Splunkが深刻な脆弱性を修正。DoSのCVE-2026-20240やエラー時のバッファ漏洩CVE-2026-20239、AI Toolkitの機密情報漏洩CVE-2026-20238。 https://t.co/v5Y8zWQPFh
@__kokumoto
22 May 2026
728 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:ai_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F310917-EE7D-4F78-B75C-8BA1DEDF49A3",
"versionEndExcluding": "5.7.3",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]