Medium severity6.5NVD Advisory· Published May 20, 2026· Updated May 26, 2026
CVE-2026-20238
CVE-2026-20238
Description
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles.The app contains an authorize.conf configuration file with a srchFilter entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the OR SPL operator, the injected filter overrides more restrictive filters on child roles.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <5.7.3
Patches
Vulnerability mechanics
References
1- advisory.splunk.com/advisories/SVD-2026-0502nvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.