Access Control Flaw in Splunk AI Toolkit Allows Unauthorized Data Retrieval
CVE-2026-20238

6.5MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Ai Toolkit
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-20238?

In affected versions of the Splunk AI Toolkit, specifically versions prior to 5.7.3, a low-privileged user lacking administrative roles can exploit a configuration flaw to gain access to sensitive data. The vulnerability arises from an authorize.conf file containing a flawed srchFilter setting that overrides the intended restrictions on user roles. This configuration issue allows unauthorized retrieval of confidential data, posing significant risks to data security. This situation worsens due to the way Splunk handles inherited search filters, which can unintentionally expose restricted information.

Affected Version(s)

Splunk AI Toolkit 5.7 < 5.7.3

References

https://advisory.splunk.com/advisories/SVD-2026-0502

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Oct 8, 2025

Credit

Martin Muller, Splunk

CVE-2026-20238 Data

JSON