CVE-2026-0240

Summary

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksTrust Protection Foundation25.3.0 < 25.3.3affected
Palo Alto NetworksTrust Protection Foundation25.1.0 < 25.1.8affected
Palo Alto NetworksTrust Protection Foundation24.3.0 < 24.3.6affected
Palo Alto NetworksTrust Protection Foundation24.1.0 < 24.1.13affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Workarounds

No known workarounds exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References