VYPR

Splunk Mcp Server App

by Splunk

CVEs (2)

  • CVE-2026-20205HigApr 15, 2026
    risk 0.47cvss 7.2epss 0.00

    In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users session and authorization tokens in clear text.The vulnerability would require…

  • CVE-2025-20381MedDec 3, 2025
    risk 0.35cvss 5.4epss 0.00

    In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP…