Home

Description

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broker VM to exploit this issue.

PUBLISHED Reserved 2025-11-03 | Published 2026-03-11 | Updated 2026-03-11 | Assigner palo_alto




MEDIUM: 5.7CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status
unaffected

30.0.0 (custom) before 30.0.49
affected

Timeline

2026-03-11:Initial Publication

Credits

an internal reporter, Nicola Kalak, finder

References

security.paloaltonetworks.com/CVE-2026-0231 vendor-advisory

cve.org (CVE-2026-0231)

nvd.nist.gov (CVE-2026-0231)

Download JSON