CVE-2026-0234

EUVD-2026-21899
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
paloaltonetworkscortex_xsiam
1.5.0 ≤
𝑥
< 1.5.52
paloaltonetworkscortex_xsoar
1.5.0 ≤
𝑥
< 1.5.52
𝑥
= Vulnerable software versions