CVE-2026-0234
7.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red
Summary
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR Microsoft Teams Marketplace | 1.5.0 < 1.5.52 | affected |
| Palo Alto Networks | Cortex XSIAM Microsoft Teams Marketplace | 1.5.0 < 1.5.52 | affected |
Weaknesses
- CWE-347: CWE-347 Improper Verification of Cryptographic Signature
Workarounds
No known workarounds exist for this issue.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.