What is CVE-2026-20265?

CVE-2026-20265 is a medium-severity vulnerability in Splunk Ai Toolkit, classified under Initialization of a Resource with an Insecure Default. CVSS score: 4.3/10. Published 2026-06-17.

How severe is CVE-2026-20265?

Medium severity. CVSS v3 base score is 4.3 out of 10.

RCE in Splunk Ai Toolkit

CVE-2026-20265

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which coul…

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Splunk Ai Toolkit — versions 5.7

Weakness classification (CWE)

CWE-1188 — Initialization of a Resource with an Insecure Default

References

psirt@cisco.com

Frequently asked questions

What is CVE-2026-20265?: CVE-2026-20265 is a medium-severity vulnerability in Splunk Ai Toolkit, classified under Initialization of a Resource with an Insecure Default. CVSS score: 4.3/10. Published 2026-06-17.
How severe is CVE-2026-20265?: Medium severity. CVSS v3 base score is 4.3 out of 10.