Security Advisory: Addressing Critical Vulnerabilities in Splunk Enterprise, Cloud Platform, and AI Toolkit
Splunk has issued urgent security updates to remediate three newly identified vulnerabilities. These flaws present significant risks to the integrity and availability of Splunk deployments, ranging from unauthorized data access by low-privileged users to complete system disruption via Denial-of-Service (DoS) attacks. The vulnerabilities impact Splunk Enterprise, the Splunk Cloud Platform, and the Splunk AI Toolkit application.
The vulnerabilities are categorized as follows:
- SVD-2026-0502 / CVE-2026-20238: Improper access control within the Splunk AI Toolkit (Medium severity).
- SVD-2026-0503 / CVE-2026-20239: Sensitive information disclosure via internal log files (High severity).
- SVD-2026-0504 / CVE-2026-20240: Denial of Service (DoS) via the
coldToFrozen.shscript (High severity).
CVE-2026-20238: Broken Access Control in Splunk AI Toolkit
Versions of the Splunk AI Toolkit prior to 5.7.3 suffer from a configuration flaw within the authorize.conf file. This flaw undermines the intended Role-Based Access Control (RBAC) mechanisms used for search filters.
Technical Root Cause: The application modifies the default “user” role by injecting a srchFilter entry. Due to Splunk’s internal role inheritance logic—which processes filters using a logical OR operation—this modification can inadvertently override more restrictive filters applied to custom child roles. This allows users without administrative or “power” privileges to bypass security boundaries and query sensitive data, including confidential AI operational history stored in the ai_agent_run_history_index.
Mitigation Strategies:
- Primary Fix: Upgrade the Splunk AI Toolkit to version 5.7.3 or later immediately.
- Interim Workaround: Disable the Splunk AI Toolkit (versions 5.7.2 and below) until a patch can be deployed.
- Manual Hardening: If the app must remain active, manually remove the
srchFilterline from the defaultauthorize.confor override it with an empty string in the local configuration. Furthermore, ensureai_agent_run_history_indexis strictly protected using thesrchIndexesAllowedattribute on AI-specific roles.
CVE-2026-20239: Sensitive Data Exposure in Internal Logs
This vulnerability impacts Splunk Enterprise versions below 10.2.2 and 10.0.5, along with specific Splunk Cloud Platform builds. It carries a high CVSS score of 7.5 due to the nature of the data at risk.
Technical Root Cause: The issue resides in the TcpChannel component. A lack of sufficient output buffer sanitization causes the system to log the entirety of I/O buffer contents at a WARN level whenever a socket error occurs. Consequently, session cookies and sensitive HTTP response bodies are written directly into the _internal index. Any user with permission to search the _internal index can subsequently harvest these credentials.
Mitigation Strategies:
- Primary Fix: Upgrade Splunk Enterprise to 10.2.2, 10.0.5, or the latest available maintenance release. Splunk Cloud customers will receive these fixes via platform updates.
- Immediate Defensive Action: Audit all user roles and restrict access to the
_internalindex exclusively to admin-level accounts to prevent unauthorized data harvesting.
CVE-2026-20240: Denial of Service via Path Traversal in Splunk Archiver
The third vulnerability, rated 7.1 (High), targets the splunk_archiver component. This flaw allows a low-privileged attacker to render a Splunk instance completely non-functional.
Technical Root Cause: The coldToFrozen.sh script lacks rigorous input validation. It fails to restrict file path arguments to the designated directories used for bucket transitions. An attacker can exploit this by providing arbitrary paths, allowing the script to execute a rename operation on critical Splunk system directories. This effectively breaks the application’s file structure and halts service.
Mitigation Strategies:
- Primary Fix: Apply the appropriate upgrade based on your deployment branch:
- Splunk Enterprise: 10.2.2, 10.0.5, 9.4.11, or 9.3.12.
- Splunk Cloud Platform: Ensure you are on the latest maintenance release (e.g., 10.4.2603.1, 10.3.2512.9, or 10.2.2510.11).
- Interim Workaround: Deactivate the Splunk Archiver app. If the app is not actively utilized for your operational workflows, disabling it eliminates the attack vector without impacting system availability.
Summary Checklist for Administrators
Given the potential for data leakage and system downtime, organizations—particularly those operating in multi-tenant environments—should prioritize the following:
- Patching: Execute a phased upgrade to the fixed versions listed above.
- App Management: Temporarily disable the Splunk AI Toolkit and Splunk Archiver if immediate patching is not possible.
- Least Privilege: Review and tighten permissions for the
_internalindex and all AI-related indexes.