Description

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.

PUBLISHED Reserved 2025-11-03 | Published 2026-04-13 | Updated 2026-04-14 | Assigner palo_alto




LOW: 2.0 | CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green

Problem types

CWE-295: Improper Certificate Validation

Product status

Default status: unaffected

Affected: 5.10.0 (custom) before 5.10.14

Timeline

2026-04-08: Initial publication.
2026-04-08: Corrected the version ranges.

Credits

David Fischer with OBI (finder)

References

security.paloaltonetworks.com/CVE-2026-0233 (vendor-advisory)

cve.org (CVE-2026-0233)

nvd.nist.gov (CVE-2026-0233)
