CVE-2026-0274

Summary

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSIAM CommvaultSecurityIQ Marketplace1.1.0 < 1.2.0affected
Palo Alto NetworksCortex XSOAR CommvaultSecurityIQ Marketplace1.1.0 < 1.2.0affected

Weaknesses

  • CWE-1390: CWE-1390 Weak Authentication

Workarounds

No known workarounds exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References