The vulnerability arises from the failure to safely sanitize user-supplied extensible stylesheet language transformations (XSLT), enabling attackers to upload malicious XSLT and gain remote access to Splunk Enterprise instances.