PT-2026-33067 · Splunk · Splunk MCP Server
Published: 2026-04-15 · Updated: 2026-04-21 · CVE-2026-20205
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk MCP Server app versions prior to 1.0.3
Description
A user with a role that has access to the Splunk internal index or the high-privilege capability mcp tool admin can view user session and authorization tokens in clear text. This issue requires either local access to log files or administrative access to internal indexes, which are typically restricted to the admin role by default.
Recommendations
Update to version 1.0.3 or later.
Review roles and capabilities on the instance and restrict internal index access to administrator-level roles.
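
One way to carry out the role review recommended above, as an added example that is not part of the advisory or of Splunk's tooling. It assumes the internal index is named `_internal`, the standard authorize.conf settings `srchIndexesAllowed` and `importRoles`, and a constructed sample configuration; it checks index access only, not capabilities.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample authorize.conf content (not from a real deployment).
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
srchIndexesAllowed = *;_*

[role_user]
srchIndexesAllowed = *

[role_power]
importRoles = user
srchIndexesAllowed = main

[role_ops_debug]
srchIndexesAllowed = main;_internal

[role_helpdesk]
importRoles = ops_debug
"""

def _split(value):
    return [v.strip() for v in value.split(";") if v.strip()]

def _matches(pattern, index):
    # Splunk wildcard semantics: "*" covers non-internal indexes only;
    # "_*" or an explicit name is needed to reach an internal index.
    if index.startswith("_") and not pattern.startswith("_"):
        return False
    return fnmatchcase(index, pattern)

def roles_with_index_access(conf_text, index="_internal"):
    """Return roles that can search `index`, directly or via importRoles."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(conf_text)
    roles = {s[len("role_"):]: cp[s] for s in cp.sections() if s.startswith("role_")}

    def allowed(role, seen):
        if role in seen or role not in roles:
            return False  # import cycle, or role defined in another file
        seen.add(role)
        if any(_matches(p, index) for p in _split(roles[role].get("srchIndexesAllowed", ""))):
            return True
        return any(allowed(r, seen) for r in _split(roles[role].get("importRoles", "")))

    return sorted(r for r in roles if allowed(r, set()))

def unexpected_roles(conf_text, expected=("admin",)):
    """Roles outside the expected administrator set that can read the index."""
    return [r for r in roles_with_index_access(conf_text) if r not in expected]
```

Effective settings are merged from several authorize.conf files, so feed the function the merged output (for example from `splunk btool authorize list`) rather than a single file.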
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Splunk MCP Server