Splunk AI Toolkit Critical Flaw (CVE-2026-20266, CVSS 9.1) Lets Admins Execute Arbitrary OS Commands — No Detection Mechanism Exists
Summary
Splunk disclosed two vulnerabilities in its AI Toolkit on June 18: CVE-2026-20266 (CVSS 9.1) lets any user holding the Splunk 'admin' role execute arbitrary OS commands by exploiting an unsafe shell-execution pattern in the btool configuration helper that constructs OS command strings from dynamic parameters without disabling shell interpretation. A companion medium-severity flaw (CVE-2026-20265, CVSS 4.3) lets low-privilege users exfiltrate data to attacker-controlled domains via an insecure default domain allowlist. All AI Toolkit versions below 5.7.4 are affected; Splunk confirms no detection mechanism currently exists for the critical flaw, making immediate upgrade to 5.7.4—or full toolkit removal—the only available remediation.
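The unsafe pattern the summary describes, a command string assembled from dynamic parameters and handed to the shell, beside the hardened form, as an added illustration that is not Splunk's code and does not reproduce the actual btool helper; the wrapper names, the allowlist pattern and the argument layout are assumptions made for this example:

```python
import re
import subprocess

# Constructed allowlist for this example: conf names and stanzas are short,
# and contain only letters, digits, dot, underscore and hyphen.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def build_unsafe_command(conf_name: str, stanza: str) -> str:
    """Hypothetical vulnerable pattern: both parameters are pasted into one
    string that would be run with shell=True, so any shell metacharacter in
    either value is interpreted by the shell. Returned only, never executed."""
    return f"splunk btool {conf_name} list {stanza} --debug"


def build_safe_argv(conf_name: str, stanza: str) -> list:
    """Hardened pattern: validate each parameter against the allowlist, then
    return an argv list so no shell is ever involved in parsing it."""
    for value in (conf_name, stanza):
        if not _SAFE_NAME.fullmatch(value):
            raise ValueError(f"rejected parameter: {value!r}")
    return ["splunk", "btool", conf_name, "list", stanza, "--debug"]


def run_btool(conf_name: str, stanza: str) -> subprocess.CompletedProcess:
    """Run the validated argv with shell interpretation disabled (shell=False
    is the subprocess default; it is spelled out here for clarity)."""
    return subprocess.run(
        build_safe_argv(conf_name, stanza),
        shell=False,
        capture_output=True,
        text=True,
        check=False,
    )
```

The difference that matters is the argv list plus input validation: a value such as `inputs;other` is rejected before any process starts, whereas the string builder would pass it through untouched.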
Originally reported by cyberpress.org