Splunk MCP Server Sensitive Information Disclosure Vulnerability in Internal Index
Vulnerability
A vulnerability exists in the Splunk MCP Server app in versions prior to 1.0.3. Users with access to the Splunk '_internal' index or the 'mcp_tool_admin' capability could view session and authorization tokens in clear text. This issue requires either local access to the log files or administrative access to internal indexes, which is typically reserved for the admin role.
Impact
Exploitation of this vulnerability could lead to unauthorized access to session and authorization tokens, allowing for potential impersonation or unauthorized actions on behalf of the user.
Remediation
Users are advised to upgrade the Splunk MCP Server app to version 1.0.3 or higher.
