Remote Command Execution in Splunk AI Toolkit by Splunk
CVE-2026-20266

9.1 CRITICAL

Key Information:

Vendor: Splunk
CVE Published: 17 June 2026

What is CVE-2026-20266?

The Splunk AI Toolkit, particularly in versions prior to 5.7.4, is susceptible to a vulnerability that allows users with admin privileges to execute arbitrary operating system commands on the host machine running Splunk Enterprise. This flaw arises from an insecure shell execution mechanism in the btool configuration helper, which improperly constructs command strings using dynamic parameters without adequate safeguards against shell interpretation. This oversight poses a significant security risk, potentially enabling unauthorized access and control over the host system.
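The safe counterpart to the pattern described above, as an added example (not Splunk's code or the actual fix): a btool wrapper that passes parameters as an argument vector with no shell, and validates them first. The function names, the default `/opt/splunk` path and the allowed character set are assumptions made for illustration.

```python
import os
import re
import subprocess

# Assumed install location; the page does not give the helper's real paths.
SPLUNK_BIN = os.path.join(os.environ.get("SPLUNK_HOME", "/opt/splunk"), "bin", "splunk")

# Assumed policy: names start with an alphanumeric or underscore, so a value
# can never be read as an option ("--...") or carry shell metacharacters.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def _check(label, value):
    if not isinstance(value, str) or not _SAFE_NAME.fullmatch(value):
        raise ValueError(f"rejected {label} parameter: {value!r}")
    return value


def build_btool_argv(conf, app=None):
    """Return an argument vector for `splunk cmd btool <conf> list [--app=<app>]`."""
    argv = [SPLUNK_BIN, "cmd", "btool", _check("conf", conf), "list"]
    if app is not None:
        argv.append("--app=" + _check("app", app))
    return argv


def run_btool(conf, app=None, timeout=30):
    """Run btool with shell=False: each parameter stays one argv element
    and is never handed to a shell for interpretation."""
    return subprocess.run(build_btool_argv(conf, app), shell=False,
                          capture_output=True, text=True,
                          timeout=timeout, check=False)


def is_rejected(conf, app=None):
    """True when validation refuses the parameters (constructed inputs only)."""
    try:
        build_btool_argv(conf, app)
    except ValueError:
        return True
    return False
```

The leading-character rule also blocks option injection, which an argument vector alone does not prevent.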

Affected Version(s)

Splunk AI Toolkit 5.7 < 5.7.4

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gabriel Nitu, Splunk