CVE-2026-20238: Improper Access Control through Role Inheritance in Splunk AI Toolkit app

Q: What is the severity of CVE-2026-20238?

CVE-2026-20238 has a low severity related to improper access control through role inheritance.

Q: How do I fix CVE-2026-20238?

To fix CVE-2026-20238, upgrade the Splunk AI Toolkit to version 5.7.3 or later.

Q: What is the impact of CVE-2026-20238?

CVE-2026-20238 allows low-privileged users to access confidential data restricted by `srchFilter` configurations.

Q: Which versions are affected by CVE-2026-20238?

CVE-2026-20238 affects all versions of Splunk AI Toolkit below 5.7.3.

Q: Who is vulnerable to CVE-2026-20238?

Low-privileged users without 'admin' or 'power' roles in the Splunk AI Toolkit are vulnerable to CVE-2026-20238.

Published May 20, 2026

Updated

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.

Affected Software

1 affected component

Splunk Splunk AI Toolkit<5.7.3

Event History

May 20, 2026

CVE Published

via MITRE·04:32 PM

Data Sourced

via MITRE·04:32 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·06:16 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2026-20238?

CVE-2026-20238 has a low severity related to improper access control through role inheritance.

How do I fix CVE-2026-20238?

To fix CVE-2026-20238, upgrade the Splunk AI Toolkit to version 5.7.3 or later.

What is the impact of CVE-2026-20238?

CVE-2026-20238 allows low-privileged users to access confidential data restricted by `srchFilter` configurations.

Which versions are affected by CVE-2026-20238?

CVE-2026-20238 affects all versions of Splunk AI Toolkit below 5.7.3.

Who is vulnerable to CVE-2026-20238?

Low-privileged users without 'admin' or 'power' roles in the Splunk AI Toolkit are vulnerable to CVE-2026-20238.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.