PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-20265 Splunk CVE debrief

A vulnerability in Splunk AI Toolkit versions below 5.7.4 allows low-privileged users to make outbound HTTP requests to attacker-controlled servers, potentially leading to data exfiltration. This is due to an insecure default domain allowlist that does not restrict outbound AI agent requests to approved external domains. The vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity.

Vendor
Splunk
Product
Splunk AI Toolkit
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-22
Advisory published
2026-06-17
Advisory updated
2026-06-22

Who should care

Users of Splunk AI Toolkit versions below 5.7.4 should apply the patch to prevent potential data exfiltration. Low-privileged users with access to the toolkit are at risk. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and apply mitigations.

Technical summary

The Splunk AI Toolkit has an insecure default domain allowlist that does not restrict outbound AI agent requests to approved external domains. A low-privileged user, without 'admin' or 'power' roles, can cause the toolkit to make outbound HTTP requests to a server controlled by an attacker. This could allow for data exfiltration. The vulnerability exists in versions below 5.7.4. Affected product deployments should be identified and reviewed for potential exposure. Operators and administrators should apply the patch to upgrade to version 5.7.4 or higher, restrict outbound AI agent requests, and monitor for suspicious activity. Evidence from the CVE and NVD records supports this assessment, and defenders should verify affected deployments and review vendor guidance.

Defensive priority

Medium priority due to the CVSS score of 4.3 and the potential for data exfiltration.

Recommended defensive actions

  • Apply the patch to upgrade Splunk AI Toolkit to version 5.7.4 or higher.
  • Restrict outbound AI agent requests to approved external domains.
  • Monitor for suspicious outbound requests from the Splunk AI Toolkit.
  • Review and update user roles and permissions to prevent low-privileged users from exploiting the vulnerability.
  • Perform an exposure review to identify potentially affected systems.
  • Implement compensating controls for exposed systems while remediation is scheduled and verified.
  • Track exceptions and retest remediated assets.

Evidence notes

The CVE record was published on 2026-06-17T18:17:40.600Z and was last modified on 2026-06-22T12:46:06.703Z. The NVD entry is currently Analyzed. The vulnerability exists in Splunk AI Toolkit versions below 5.7.4. Evidence is based on CVE and NVD information. Defenders should verify affected deployments and review vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T18:17:40.600Z and has not been modified since then. The NVD entry is currently Analyzed.