Executive Summary

CVE-2026-0231 is an information disclosure vulnerability in Palo Alto Networks Cortex XDR Broker VM. It allows an authenticated user with network access to the Broker VM to obtain and modify sensitive information by triggering a live terminal session through the Cortex UI and changing any configuration settings.

The vulnerability affects versions from 30.0.0 up to but not including 30.0.49 and requires no special configuration to be exploited. It involves exposure of sensitive system information to an unauthorized control sphere.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an authenticated user with network access and high privileges to obtain and modify sensitive information within the Cortex XDR Broker VM.

The attacker can alter any configuration settings, which can compromise the confidentiality, integrity, and availability of the product.

Since the vulnerability has a medium severity CVSS v4.0 score of 5.7 and a high CVSS v3.1 score of 8.4, it represents a significant risk if exploited.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

There are no specific detection commands or methods provided to identify this vulnerability on your network or system.

The vulnerability requires an authenticated user with network access to the Cortex XDR Broker VM and involves triggering a live terminal session via the Cortex UI to modify configuration settings.

No known exploits or malicious activity have been reported, and no special configuration is required to be vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is fixed in Cortex XDR Broker VM version 30.0.49 and later.

If your system has automatic upgrades enabled, no action is required.

Otherwise, manual upgrading to version 30.0.49 or later is recommended as there are no known workarounds or mitigations currently available.

Useful 0 Not Useful 0