Unrated

OS Command Injection in Splunk AI Toolkit btool Configuration Helper

IdentifiersCVE-2026-20266CWE-78

CVE-2026-20266 is a critical OS command injection vulnerability in the btool configuration helper of Splunk AI Toolkit. It affects Splunk AI Toolkit versions below 5.7.4. The flaw is caused by an unsafe shell execution pattern in which the helper constructs operating system command strings from dynamic parameters without disabling shell interpretation. As a result, a user holding the Splunk "admin" role can cause arbitrary OS commands to be executed on the host running the Splunk Enterprise instance.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows arbitrary operating system command execution on the underlying host running Splunk Enterprise. This can lead to full compromise of the host in the security context of the vulnerable process, with high impact to confidentiality, integrity, and availability. The provided context also indicates a CVSS v3.1 score of 9.1 with scope changed, reflecting the potential for compromise beyond the application boundary.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, Splunk's listed workaround is to uninstall the Splunk AI Toolkit. Additional defensive mitigation based on the described root cause would be to avoid or disable use of the vulnerable helper path where feasible until the upgrade is completed.

Remediation

Patch, then assume compromise.

Upgrade Splunk AI Toolkit to version 5.7.4 or later. The provided context identifies 5.7.4 as the fixed release and recommends applying the vendor update promptly.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app

security online infoNews

Jun 17, 2026

Splunk AI Toolkit Vulnerabilities: Critical RCE & Data Risks

A critical OS command injection vulnerability in the Splunk AI Toolkit btool Configuration Helper that allows an admin-role user to execute arbitrary OS commands on the host running Splunk Enterprise.

cvefeed high severityNews

Jun 17, 2026

CVE-2026-20266 - OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

An OS command injection vulnerability in the btool configuration helper of Splunk AI Toolkit that allows a user with the admin Splunk role to execute arbitrary OS commands on the host running Splunk Enterprise.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-20266

NVD

nvd.nist.gov/vuln/detail/CVE-2026-20266

MITRE CWE · CWE-78

cwe.mitre.org