Skip to main content
Mallory
Back to vulnerabilities
Unrated

SSRF / data exfiltration in Splunk AI Toolkit default domain allowlist

IdentifiersCVE-2026-20265CWE-918

CVE-2026-20265 affects Splunk AI Toolkit versions prior to 5.7.4. The issue is caused by an insecure default domain allowlist that does not properly restrict outbound AI agent HTTP requests to approved external domains. As a result, an attacker can cause the toolkit to initiate outbound HTTP requests to attacker-controlled infrastructure. The provided content indicates this can be triggered by a low-privileged user, though one mention context inconsistently states admin or power-role users; the primary description and advisory data indicate low-privileged non-admin, non-power users are sufficient. The vulnerability can expose data through outbound requests and is best characterized as a server-side request forgery style weakness arising from insufficient destination restriction.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause Splunk AI Toolkit to send outbound HTTP requests to attacker-controlled servers, creating an information disclosure and data exfiltration path. Depending on what request content, prompts, context, or connected data the AI agent includes in those outbound interactions, sensitive information available to the toolkit or associated workflows could be disclosed to the attacker.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, restrict outbound AI agent requests to an explicit approved domain allowlist, enforce network egress controls so the toolkit cannot reach arbitrary external hosts, and monitor/block unexpected outbound HTTP traffic from the Splunk AI Toolkit environment. The supplied content also notes Splunk recommended uninstalling the AI Toolkit if upgrading is not possible.

Remediation

Patch, then assume compromise.

Upgrade Splunk AI Toolkit to version 5.7.4 or later, which fixes the insecure default domain allowlist behavior.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
SplunkAi Toolkitapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-20265
NVD
nvd.nist.gov/vuln/detail/CVE-2026-20265
MITRE CWE · CWE-918
cwe.mitre.org