Insecure Default Domain Allowlist in Splunk AI Toolkit
Advisory ID: SVD-2026-0613
CVE ID: CVE-2026-20265
Published: 2026-06-17
Last Update: 2026-06-17
CVSSv3.1 Score: 4.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-1188
Bug ID: VULN-73543
Description
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the “admin” or “power” Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.
The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
See Algorithms and scoring metrics in the AI Toolkit in the Splunk documentation for more information.
Solution
Upgrade Splunk AI Toolkit to version 5.7.4 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AI Toolkit | 5.7 | Below 5.7.4 | 5.7.4 |
Mitigations and Workarounds
In the local/mlspl.conf configuration file, under the [ai:AllowedDomains] stanza, set allowed_domains to an explicit list of approved domains. Confirm that enforce_domain_validation is set to true in the same stanza. When enforce_domain_validation is false, Splunk AI Toolkit ignores the domain list and agents can connect to any domain.
If you are not able to make the previously described configuration changes, turn off or remove the Splunk AI Toolkit. See Manage app and add-on objects in the Splunk documentation.
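The following is an added example, not Splunk's code, that models the allowlist check the workaround above depends on, so that the effect of enforce_domain_validation being false can be seen directly alongside the hardened stanza. The stanza and setting names come from this advisory; the comma-separated value format, exact-hostname matching, the audit_policy helper and the sample domains are assumptions made for illustration.

```python
# Added example (not Splunk's implementation): parse an [ai:AllowedDomains]
# stanza and apply it to outbound agent request URLs. Stanza/setting names are
# from the advisory; list format and matching rules are assumptions.
import configparser
from urllib.parse import urlsplit

# Constructed local/mlspl.conf fragments: the weak state and the hardened state.
WEAK_CONF = """
[ai:AllowedDomains]
allowed_domains = api.example-llm.com
enforce_domain_validation = false
"""

HARDENED_CONF = """
[ai:AllowedDomains]
allowed_domains = api.example-llm.com, models.example-llm.com
enforce_domain_validation = true
"""


def load_policy(conf_text):
    """Parse the [ai:AllowedDomains] stanza into (set_of_hosts, enforce_flag)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    stanza = cp["ai:AllowedDomains"]
    hosts = {
        h.strip().lower().rstrip(".")
        for h in stanza.get("allowed_domains", "").split(",")
        if h.strip()
    }
    # A missing flag is treated as not enforced: that is the state to surface.
    enforce = stanza.getboolean("enforce_domain_validation", fallback=False)
    return hosts, enforce


def is_request_allowed(url, policy):
    """Decide whether an outbound agent request to url passes the allowlist."""
    hosts, enforce = policy
    if not enforce:
        # The weak behaviour: the list is ignored and any host is reachable.
        return True
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return False
    # Compare the URL's real authority, not a user-supplied string, and match
    # exactly: a suffix match would let api.example-llm.com.attacker.test through.
    host = parts.hostname.lower().rstrip(".")
    return host in hosts


def audit_policy(conf_text):
    """Return the findings a reviewer would flag in the stanza; empty means sound."""
    hosts, enforce = load_policy(conf_text)
    findings = []
    if not enforce:
        findings.append("enforce_domain_validation is not true: allowed_domains is ignored")
    if not hosts:
        findings.append("allowed_domains is empty: no approved destinations are defined")
    if "*" in hosts:
        findings.append("allowed_domains contains a wildcard entry")
    return findings


if __name__ == "__main__":
    attacker_url = "https://collector.attacker.test/exfil"
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        reachable = is_request_allowed(attacker_url, load_policy(conf))
        print(f"{name}: attacker host reachable={reachable}, findings={audit_policy(conf)}")
```

Run against the weak fragment, the attacker host is reachable even though it is not in allowed_domains; against the hardened fragment it is refused, as are a look-alike suffix domain and a URL that hides the real authority behind userinfo.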
Detections
None
Severity
Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Acknowledgments
Gabriel Nitu, Splunk