CVE-2026-0242

Summary

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksTrust Protection Foundation25.3.0 < 25.3.3affected
Palo Alto NetworksTrust Protection Foundation25.1.0 < 25.1.8affected
Palo Alto NetworksTrust Protection Foundation24.3.0 < 24.3.6affected
Palo Alto NetworksTrust Protection Foundation24.1.0 < 24.1.13affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References