CVE-2026-0233
Received
Received - Intake
Certificate Validation Flaw in Palo Alto ADM Enables SYSTEM Code Execution
Vulnerability report for CVE-2026-0233, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: Palo Alto Networks, Inc.
Description
Description
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | autonomous_digital_experience_manager | * |
| palo_alto_networks | autonomous_digital_experience_manager | to 5.10.14 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |