CVE-2026-0276
Received Received - Intake

Privilege Escalation in Palo Alto Networks Cortex XDR Broker VM

Vulnerability report for CVE-2026-0276, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

A privilege escalation vulnerability in Palo Alto Networks Cortexยฎ XDR Broker VM enables a locally authenticated user to perform actions as the root user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
palo_alto_networks cortex_xdr_broker_vm From 20.0.96 (inc) to 31.0.58 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0276 is a privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM. It allows a locally authenticated user to perform actions with root user privileges, meaning the user can gain full control over the affected system.

This vulnerability affects versions of Cortex XDR Broker VM from 20.0.96 up to, but not including, 31.0.58. No special configuration is required for exposure, and exploitation does not require additional privileges or user interaction.

Impact Analysis

The vulnerability can impact you by allowing a locally authenticated user to escalate their privileges to root level, potentially enabling them to take full control of the system, modify or delete data, install malicious software, or disrupt system operations.

Although the severity is rated as LOW and the CVSS base score is 1.1, the suggested urgency is MODERATE because root access can lead to significant security risks if exploited.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, ensure your Palo Alto Networks Cortex XDR Broker VM is updated to version 31.0.58 or later, where the issue is fixed.

If automatic upgrades are enabled on your system, no further action is needed.

If automatic upgrades are not enabled, it is recommended to enable them or manually upgrade to the fixed version.

No workarounds are available for this vulnerability.

Compliance Impact

The provided information does not specify how this privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0276. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart