OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

Advisory ID: SVD-2026-0614

CVE ID: CVE-2026-20266

Published: 2026-06-17

Last Update: 2026-06-17

CVSSv3.1 Score: 9.1, Critical

CWE: CWE-78

Bug ID: VULN-65723

Description

In Splunk AI Toolkit versions below 5.7.4, a user who holds the “admin” Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.

The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.

Solution

Upgrade Splunk AI Toolkit to version 5.7.4 or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk AI Toolkit5.7Below 5.7.45.7.4

Mitigations and Workarounds

Uninstall the Splunk AI Toolkit. See Manage app and add-on objects in the Splunk documentation.

Detections

None

Severity

Splunk rates this vulnerability a 9.1, Critical, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Acknowledgments

Gabriel Nitu, Splunk