PatchSiren cyber security CVE debrief
CVE-2026-20265 Splunk CVE debrief
A vulnerability in Splunk AI Toolkit versions below 5.7.4 allows low-privileged users to make outbound HTTP requests to attacker-controlled servers, potentially leading to data exfiltration. This is due to an insecure default domain allowlist that does not restrict outbound AI agent requests to approved external domains. The vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity.
- Vendor
- Splunk
- Product
- Splunk AI Toolkit
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-22
Who should care
Users of Splunk AI Toolkit versions below 5.7.4 should apply the patch to prevent potential data exfiltration. Low-privileged users with access to the toolkit are at risk. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and apply mitigations.
Technical summary
The Splunk AI Toolkit has an insecure default domain allowlist that does not restrict outbound AI agent requests to approved external domains. A low-privileged user, without 'admin' or 'power' roles, can cause the toolkit to make outbound HTTP requests to a server controlled by an attacker. This could allow for data exfiltration. The vulnerability exists in versions below 5.7.4. Affected product deployments should be identified and reviewed for potential exposure. Operators and administrators should apply the patch to upgrade to version 5.7.4 or higher, restrict outbound AI agent requests, and monitor for suspicious activity. Evidence from the CVE and NVD records supports this assessment, and defenders should verify affected deployments and review vendor guidance.
Defensive priority
Medium priority due to the CVSS score of 4.3 and the potential for data exfiltration.
Recommended defensive actions
- Apply the patch to upgrade Splunk AI Toolkit to version 5.7.4 or higher.
- Restrict outbound AI agent requests to approved external domains.
- Monitor for suspicious outbound requests from the Splunk AI Toolkit.
- Review and update user roles and permissions to prevent low-privileged users from exploiting the vulnerability.
- Perform an exposure review to identify potentially affected systems.
- Implement compensating controls for exposed systems while remediation is scheduled and verified.
- Track exceptions and retest remediated assets.
Evidence notes
The CVE record was published on 2026-06-17T18:17:40.600Z and was last modified on 2026-06-22T12:46:06.703Z. The NVD entry is currently Analyzed. The vulnerability exists in Splunk AI Toolkit versions below 5.7.4. Evidence is based on CVE and NVD information. Defenders should verify affected deployments and review vendor guidance.
Official resources
-
CVE-2026-20265 CVE record
CVE.org
-
CVE-2026-20265 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Mitigation
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T18:17:40.600Z and has not been modified since then. The NVD entry is currently Analyzed.