Skills
CVE-2026-20205: Splunk MCP Server Exposes User Session and Authorization Tokens in Cleartext via _internal Index (CVSS 7.2)
Splunk MCP Server app versions below 1.0.3 expose user session and authorization tokens in cleartext to anyone with access to the Splunk _internal index or the mcp_tool_admin capability. CVSS 7.2 (High). While exploitation requires elevated privileges (admin-level index access), the vulnerability enables full session impersonation and token reuse for privilege escalation. This is the second major MCP server credential-exposure CVE in April, following the Azure MCP Server CVE-2026-32211 (CVSS 9.1).
↳ Follow the thread