PT-2026-33067 · Splunk · Splunk Mcp Server
Published
2026-04-15
·
Updated
2026-04-15
·
CVE-2026-20205
CVSS v3.1
7.2
High
| AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk
The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.
Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities and Connecting to MCP Server and Admin settings in the Splunk documentation for more information.
internal index or possesses the high-privilege capability mcp tool admin could view users session and authorization tokens in clear text.The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.
Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities and Connecting to MCP Server and Admin settings in the Splunk documentation for more information.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Mcp Server