Clear Text Exposure in Splunk MCP Server App for Certain Roles
CVE-2026-20205
7.2 HIGH
What is CVE-2026-20205?
In the Splunk MCP Server app prior to version 1.0.3, unauthorized users holding elevated roles could access sensitive information, including session and authorization tokens, in clear text. The exposure primarily concerns users who have either local access to server log files or administrative control over internal indexes, a privilege typically reserved for the admin role. Audit roles and permissions on your Splunk instance and ensure that access to the internal index is restricted to administrator-level roles only. For detailed guidance, refer to the Splunk documentation on defining roles and capabilities and on connecting to the MCP Server.
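The role audit recommended above can be scripted. The following is an added example, not code from Splunk or from this advisory: it parses `authorize.conf` role stanzas, follows `importRoles` inheritance, and lists non-admin roles whose `srchIndexesAllowed` reaches the internal index. Assumptions: the internal index is `_internal`, only `admin` is meant to read it, the sample configuration and role names are constructed, and only allow-lists are inspected.

```python
from fnmatch import fnmatchcase

# Constructed sample authorize.conf content, not taken from a real deployment.
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
srchIndexesAllowed = *;_*
[role_user]
srchIndexesAllowed = main
[role_helpdesk]
importRoles = user
srchIndexesAllowed = main;_internal
[role_helpdesk_lead]
importRoles = helpdesk
"""
INTERNAL_INDEX = "_internal"   # Splunk's internal log index
ADMIN_ROLES = {"admin"}        # assumption: roles permitted to read it

def parse_roles(text):
    """Return {role: {setting: [values]}} from [role_<name>] stanzas."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = roles.setdefault(name[5:], {}) if name.startswith("role_") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = [v.strip() for v in value.split(";") if v.strip()]
    return roles

def allowed_patterns(roles, name, seen=None):
    """Collect srchIndexesAllowed for a role plus what it inherits via importRoles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:   # guard against import cycles
        return set()
    seen.add(name)
    patterns = set(roles[name].get("srchIndexesAllowed", []))
    for parent in roles[name].get("importRoles", []):
        patterns |= allowed_patterns(roles, parent, seen)
    return patterns

def roles_with_internal_access(text, admin_roles=ADMIN_ROLES):
    """Non-admin roles whose effective allow-list reaches the internal index."""
    roles = parse_roles(text)
    # "*" covers only non-internal indexes, so a pattern must start with "_".
    hit = lambda p: p.startswith("_") and fnmatchcase(INTERNAL_INDEX, p)
    return sorted(r for r in roles if r not in admin_roles
                  and any(hit(p) for p in allowed_patterns(roles, r)))
```

Run it against the merged role configuration rather than a single file, since role settings can be layered across several `authorize.conf` files.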
Affected Version(s)
Splunk MCP Server 1.0 < 1.0.3