CVE-2026-0231
Information Disclosure and Configuration Modification in Cortex XDR Broker VM
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: Palo Alto Networks, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | cortex_xdr_broker_vm | * |
| palo_alto_networks | cortex_xdr_broker_vm | From 30.0.0 (inc) to 30.0.49 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0231 is an information disclosure vulnerability in Palo Alto Networks Cortex XDR Broker VM. It allows an authenticated user with network access to the Broker VM to obtain and modify sensitive information by triggering a live terminal session through the Cortex UI and changing any configuration settings.
The vulnerability affects versions from 30.0.0 up to but not including 30.0.49 and requires no special configuration to be exploited. It involves exposure of sensitive system information to an unauthorized control sphere.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an authenticated user with network access and high privileges to obtain and modify sensitive information within the Cortex XDR Broker VM.
The attacker can alter any configuration settings, which can compromise the confidentiality, integrity, and availability of the product.
Since the vulnerability has a medium severity CVSS v4.0 score of 5.7 and a high CVSS v3.1 score of 8.4, it represents a significant risk if exploited.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided to identify this vulnerability on your network or system.
The vulnerability requires an authenticated user with network access to the Cortex XDR Broker VM and involves triggering a live terminal session via the Cortex UI to modify configuration settings.
No known exploits or malicious activity have been reported, and no special configuration is required to be vulnerable.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in Cortex XDR Broker VM version 30.0.49 and later.
If your system has automatic upgrades enabled, no action is required.
Otherwise, manually upgrading to version 30.0.49 or later is recommended, as there are no known workarounds or mitigations currently available.