CVE-2026-0270
Awaiting Analysis - Queue

Path Traversal in Palo Alto Networks Cortex XSOAR Engine

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Palo Alto Networks, Inc.

Description

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

Meta Information

Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-07-01
AI Q&A: 2026-06-11
EPSS Evaluated: 2026-06-30

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
palo_alto_networks cortex_xsoar *

Exploitability

CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Executive Summary

This vulnerability is a path traversal flaw in the Palo Alto Networks Cortex XSOAR engine software running on Linux. It allows an unauthenticated attacker who is on an adjacent network and capable of performing a man-in-the-middle (MITM) attack to intercept and manipulate network response traffic. By exploiting this, the attacker can write arbitrary files to the host system.

Impact Analysis

The vulnerability can allow an attacker to write arbitrary files to the host system without authentication. This could lead to unauthorized modification or insertion of malicious files, potentially compromising the integrity and security of the affected system.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability in Palo Alto Networks Cortex XSOAR engine software allows an unauthenticated attacker on an adjacent network to perform a man-in-the-middle (MITM) attack and write arbitrary files to the host. Detection involves monitoring for unusual network traffic indicative of MITM attacks or unexpected file writes on the host system.

Since the vulnerability requires interception and manipulation of network response traffic, network monitoring tools can be used to detect suspicious ARP spoofing or DNS poisoning attempts that facilitate MITM attacks.

On the host system, checking for unexpected or unauthorized file changes in the Cortex XSOAR installation directories may help detect exploitation attempts.

Specific commands are not provided in the available resources, but general suggestions include:

  • Use network analysis tools like tcpdump or Wireshark to monitor for suspicious MITM activity.
  • Use commands like 'find' or 'stat' on the Linux host to identify recently modified files in the Cortex XSOAR directories.
  • Check system logs for unusual access or errors related to the Cortex XSOAR engine.

The best mitigation is to upgrade Cortex XSOAR to version 8.13.0.11 or later as recommended.

Mitigation Strategies

The suggested solution to mitigate this vulnerability is to upgrade Palo Alto Networks Cortex XSOAR engine software running on Linux to version 8.13.0.11 or later.

No special configuration is required for a system to be exposed, so applying the update is the primary mitigation step.
