CVE-2026-0234

high

Microsoft

CVSS v3 Base Score

7.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

EPSS Score

0.0%

Exploitation probability in 30 days

Top 93% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Published: April 13, 2026 (31 days ago)

Last Modified: April 14, 2026

Vendor: Microsoft

Source: MITRE

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

CWE

CWE-347

Affected Products

Palo Alto Networks Cortex XSOAR Microsoft Teams MarketplacePalo Alto Networks Cortex XSIAM Microsoft Teams Marketplace

References

🔗 security.paloaltonetworks.com

CVE-2026-0234

Vulnerability Report

Description

CWE

Affected Products

References