CVE-2026-20266

OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

CVSS 9.1 CRITICALEPSS 0.5%CWE-78

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Jun 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Splunk · Splunk AI Toolkit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://advisory.splunk.com/advisories/SVD-2026-0614