Splunk MCP Server Bug Exposes Session Tokens
The National Vulnerability Database (NVD) recently detailed CVE-2026-20205, a high-severity vulnerability (CVSS 7.2) affecting Splunk MCP Server app versions prior to 1.0.3. This flaw allows high-privilege users to view other users’ session and authorization tokens in clear text. This isn’t just a minor info leak; it’s a critical exposure that could lead to session hijacking or further privilege escalation if an attacker gains the necessary access.
To exploit this, an attacker would need either local access to log files or administrative access to Splunk’s internal indexes. The NVD points out that by default, only the admin role has this level of access. However, in larger, complex Splunk deployments, it is not uncommon for custom roles to be granted overly broad permissions, which widens the population of users who could reach the exposed tokens. The underlying issue, classified as CWE-532 (insertion of sensitive information into a log file), highlights a common pitfall: writing sensitive data in clear text to log files or application data that other users can read.
Organizations running affected Splunk MCP Server versions are strongly advised to audit their Splunk roles and capabilities. Restricting access to the _internal index and the mcp_tool_admin capability to only true administrator-level roles is paramount. This isn’t just about patching; it’s about hardening your environment and adhering to the principle of least privilege, especially around critical data like session tokens.
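The audit the article recommends can be scripted. As an added example (not from the article or from Splunk), the following parses a constructed `authorize.conf` sample, follows `importRoles` inheritance, and flags every role outside the permitted admin set that can search `_internal` or holds `mcp_tool_admin`. It assumes Splunk's documented wildcard rule that a bare `*` in `srchIndexesAllowed` excludes underscore-prefixed indexes while `_*` covers them.

```python
import configparser
from fnmatch import fnmatch

# Constructed sample authorize.conf (not from the page or Splunk); importRoles unions parent grants.
AUTHORIZE_CONF = """
[role_admin]
srchIndexesAllowed = *;_*
mcp_tool_admin = enabled
[role_platform_ops]
srchIndexesAllowed = _*
[role_tier2]
importRoles = platform_ops
srchIndexesAllowed = main
[role_mcp_operator]
srchIndexesAllowed = main
mcp_tool_admin = enabled
[role_user]
srchIndexesAllowed = *
"""

def index_allowed(pattern, index):
    # Splunk semantics (assumed): a bare '*' matches only non-internal indexes; underscore-prefixed
    # indexes such as _internal need a pattern like '_*' or '_internal'.
    return fnmatch(index, pattern) and (pattern.startswith("_") or not index.startswith("_"))

def effective_grants(roles, name, seen=()):
    # (indexes, capabilities) for a role, including grants inherited via importRoles.
    if name in seen or name not in roles:
        return set(), set()
    stanza = roles[name]  # configparser lower-cases keys
    idx = {p for p in stanza.get("srchindexesallowed", "").split(";") if p}
    caps = {k for k, v in stanza.items() if v.lower() == "enabled"}
    for parent in filter(None, stanza.get("importroles", "").split(";")):
        p_idx, p_caps = effective_grants(roles, parent, (*seen, name))
        idx, caps = idx | p_idx, caps | p_caps
    return idx, caps

def audit_roles(conf_text, permitted=("admin",)):
    # Flag every role outside `permitted` that can read _internal or holds mcp_tool_admin.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    roles = {s[5:]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}
    findings = {}
    for name in set(roles) - set(permitted):
        idx, caps = effective_grants(roles, name)
        reasons = ["can search _internal"] if any(index_allowed(p, "_internal") for p in idx) else []
        if "mcp_tool_admin" in caps:
            reasons.append("holds mcp_tool_admin")
        if reasons:
            findings[name] = reasons
    return findings
```

Run it against a merged `btool authorize list` export rather than a single file so that app-level and local overrides are included.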
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-20205 | Information Disclosure | Splunk MCP Server app versions below 1.0.3 |
| CVE-2026-20205 | Information Disclosure | Access to Splunk `_internal` index |
| CVE-2026-20205 | Information Disclosure | Possession of `mcp_tool_admin` capability |
| CVE-2026-20205 | Information Disclosure | Exposure of user session and authorization tokens in clear text |