PT-2026-42211 · Splunk · Splunk Ai Toolkit+1

·

CVE-2026-20238

·

Published

2026-05-20

·

Updated

2026-05-26

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles.

The app contains an authorize.conf configuration file with a srchFilter entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the OR SPL operator, the injected filter overrides more restrictive filters on child roles.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-20238

Affected Products

Splunk Ai Toolkit
Ai Toolkit