PT-2026-50502 · Splunk · Splunk AI Toolkit
Published: 2026-06-17 · Updated: 2026-06-17 · CVE-2026-20266
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk AI Toolkit versions prior to 5.7.4
Description
A user with the "admin" Splunk role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. This is caused by an unsafe shell execution pattern in the btool configuration helper, which creates OS command strings from dynamic parameters without disabling shell interpretation.
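The pattern named in the description, shown beside a hardened form, as an added example that is not code from Splunk or from the AI Toolkit. The `btool` command shape, the function names and the identifier allowlist are assumptions made for illustration, and the hostile value is constructed.

```python
import re
import shlex
import subprocess

# Assumption: conf stems and app names are plain identifiers; anything else is refused.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def unsafe_command(conf, app):
    """Weak pattern: parameters formatted into one string meant for shell=True."""
    return f"splunk btool {conf} list --app={app}"


def shell_tokens(command):
    """Tokenize as a POSIX shell would, keeping operators such as ';' visible."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def btool_argv(conf, app, splunk_bin="splunk"):
    """Hardened pattern: validate each parameter, then build an argument vector."""
    for label, value in (("conf", conf), ("app", app)):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"rejected {label}: {value!r}")
    return [splunk_bin, "btool", conf, "list", f"--app={app}"]


def run_btool(conf, app, splunk_bin="splunk"):
    """Run without a shell: each list element reaches the program as one argument."""
    return subprocess.run(btool_argv(conf, app, splunk_bin), shell=False,
                          capture_output=True, text=True, timeout=30, check=False)


if __name__ == "__main__":
    hostile = "inputs; echo injected"  # constructed test value
    # The string form exposes a command separator to the shell.
    print(shell_tokens(unsafe_command(hostile, "search")))
    # The validated form yields a fixed argument vector.
    print(btool_argv("inputs", "search"))
    try:
        btool_argv(hostile, "search")
    except ValueError as exc:
        print(exc)
```

The allowlist also refuses values that start with `-`, so a parameter cannot be read by the program as an extra option.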
Recommendations
Update to version 5.7.4 or later.
Fix
OS Command Injection
Affected Products
Splunk AI Toolkit