Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-20205— Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app

CVSS 7.2 · High EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-20205

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users session and authorization tokens in clear text.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. <br><br>Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Connecting to MCP Server and Admin settings](https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings) in the Splunk documentation for more information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk MCP Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk MCP Server是美国Splunk公司的一个多云平台服务器。 Splunk MCP Server app 1.0.3之前版本存在安全漏洞,该漏洞源于明文存储会话和授权令牌,可能导致具有特定权限的用户查看明文令牌。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SplunkSplunk MCP Server 1.0 ~ 1.0.3 -

II. Public POCs for CVE-2026-20205

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-20205

登录查看更多情报信息。

Same Patch Batch · Splunk · 2026-04-15 · 4 CVEs total

CVE-2026-202047.1 HIGHImproper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterpr
CVE-2026-202026.6 MEDIUMImproper Input Validation during User Account Creation in Splunk Enterprise
CVE-2026-202034.3 MEDIUMImproper Access Control in Data Model Acceleration in Splunk Enterprise

IV. Related Vulnerabilities

Same product: Splunk MCP Server
Same vendor: Splunk
Same weakness: CWE-532

V. Comments for CVE-2026-20205

No comments yet

Leave a comment