Splunk Mcp Server
cpe:2.3:a:splunk:splunk_mcp_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Splunk (0f7ef08f-e3f5-59a4-ba5f-26afb7835b46) |
|---|---|
| Product | Splunk Mcp Server (2f883c4d-b6a7-564b-a697-92400e260ede) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-20205 | vulnerable | 2026-06-03 15:15:45.516394 | Sensitive Information Disclosure in '_internal' index in Splunk MCP Server app<br>HIGH (7.2)<br>In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users' session and authorization tokens in clear text.<br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.<br>Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Connecting to MCP Server and Admin settings](https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings) in the Splunk documentation for more information.<br>Published: 2026-04-15T15:17:58.202Z<br>Updated: 2026-04-15T17:39:19.517Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-20381 | vulnerable | 2026-06-03 14:59:14.789479 | SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool<br>MEDIUM (5.4)<br>In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.<br>Published: 2025-12-03T17:00:25.945Z<br>Updated: 2025-12-03T21:29:51.839Z | Imported from gcve-enriched-dumps CVE data |