CVE-2026-20266 (severity: CRITICAL; CNA: cisco)

CVE-2026-20266: OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.

Metrics

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: 5.7.4
Affected Products: 1


HarborGuard Analysis

Synopsis

This is an OS command injection vulnerability in the btool configuration helper component of Splunk AI Toolkit versions below 5.7.4. It is reachable over the network but requires an admin-level Splunk account; the btool helper constructs OS command strings from dynamic parameters without sanitizing or disabling shell interpretation, letting an attacker inject arbitrary shell commands. Successful exploitation gives the attacker full command execution on the underlying host running Splunk Enterprise, enabling data theft, file tampering, and service disruption. A patched-image rebuild at version 5.7.4 is available on HarborGuard for environments running an affected version.
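The unsafe pattern named in the advisory description and the synopsis above, shown as an added illustration next to a hardened equivalent. This is hypothetical wrapper code written for this page, not Splunk's btool helper; the `splunk btool <conf> list --app=<app>` invocation shape, the identifier allowlist and the injectable `runner` parameter are assumptions.

```python
"""Hypothetical btool wrapper (not Splunk's code): the string-building pattern
the advisory describes, beside a version that keeps parameters as data."""
import re
import subprocess

# Constructed allowlist: conf and app names are plain identifiers, nothing else.
IDENTIFIER_RE = re.compile(r"[a-z][a-z0-9_]{0,63}")

# Characters that change the meaning of a command when it is run via a shell.
SHELL_METACHARS = set(";|&$`<>()\n")


def build_btool_shell_command(splunk_home: str, conf: str, app: str) -> str:
    """UNSAFE pattern: dynamic parameters interpolated into one string.
    Passing this to subprocess.run(..., shell=True) lets the shell interpret
    any metacharacters carried by `conf` or `app` as commands, not data."""
    return f"{splunk_home}/bin/splunk btool {conf} list --app={app}"


def shell_would_interpret(cmd: str) -> bool:
    """Cheap review check: does the assembled string contain anything a shell
    would treat as syntax rather than as an argument?"""
    return any(ch in SHELL_METACHARS for ch in cmd)


def build_btool_argv(splunk_home: str, conf: str, app: str) -> list[str]:
    """Hardened pattern: validate each dynamic value against the allowlist,
    then build an argv list. With shell=False every element reaches btool as
    exactly one argument, so metacharacters are never interpreted."""
    for name, value in (("conf", conf), ("app", app)):
        if not IDENTIFIER_RE.fullmatch(value):
            raise ValueError(f"rejected {name}={value!r}: not a plain identifier")
    # splunk_home is deployment configuration, not request input (assumption).
    return [f"{splunk_home}/bin/splunk", "btool", conf, "list", f"--app={app}"]


def run_btool(splunk_home: str, conf: str, app: str, runner=subprocess.run):
    """Execute btool safely; `runner` is injectable so the call can be
    exercised without a Splunk install."""
    argv = build_btool_argv(splunk_home, conf, app)
    return runner(argv, shell=False, capture_output=True, text=True, check=False)
```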

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-20266 is available across every HarborGuard environment; the CVE is ingested from upstream feeds and matched against customer images within minutes of publication, covering both official Splunk AI Toolkit images and any custom-built images that bundle the affected package. Images at versions below 5.7.4 are flagged automatically in both registry scans and CI/CD pipeline checks.

Triage: Available

HarborGuard scores this finding at CVSS 9.1 Critical and weights it against each environment's compliance policy to determine priority routing. Findings are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules, so the right engineers see the alert without manual triage overhead.

Patch: Available

A patched-image rebuild at Splunk AI Toolkit 5.7.4 becomes available through HarborGuard once the fix version is confirmed against the upstream advisory. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Splunk Enterprise web or API surface over the network; the service must be accessible from the attacker's position.

  • Authentication: Required

    An admin-level Splunk role account is required; a standard low-privilege user account is not sufficient to reach the vulnerable btool code path.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker triggers the injection directly through the admin interface without any social-engineering step.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layout, or other unpredictable environmental factors.

Blast Radius

  • Executes arbitrary OS commands on the host running Splunk Enterprise, giving the attacker a shell on the underlying server.
  • Reads any file accessible to the Splunk process user, including configuration files, credentials, and indexed log data.
  • Writes or modifies files on the host, enabling persistence mechanisms such as backdoors or cron jobs.
  • Crashes or disables the Splunk Enterprise process and dependent services, disrupting log ingestion and security monitoring pipelines.

How HarborGuard Handles This

Available on HarborGuard: images running Splunk AI Toolkit below 5.7.4 are matched against this CVE the moment the record is ingested, with no manual configuration needed. A patched rebuild at version 5.7.4 is available for affected images; for customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads. For Critical-severity findings, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where auto-remediation is not enabled, the finding is routed to the configured owner inbox with full CVSS context and fix-version detail so engineers can act immediately. Because this vulnerability requires an admin-level account, customers may also apply compensating controls such as restricting admin role assignment and isolating the Splunk management interface behind a network policy while a patched image is validated and promoted.


Fix available: 5.7.4

Affected packages
  • Splunk / Splunk AI Toolkit: < 5.7.4 (from 5.7)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H