CVE-2026-0234
Received
Received - Intake
Cryptographic Signature Bypass in Cortex XSOAR/XSIAM Enables Unauthorized Access
Vulnerability report for CVE-2026-0234, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: Palo Alto Networks, Inc.
Description
Description
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | cortex_xsoar | * |
| palo_alto_networks | cortex_xsiam | * |
| palo_alto_networks | cortex_xsoar | From 1.5.0 (inc) to 1.5.52 (exc) |
| palo_alto_networks | cortex_xsiam | From 1.5.0 (inc) to 1.5.52 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |