Home

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

PUBLISHED Reserved 2025-11-03 | Published 2026-04-13 | Updated 2026-04-14 | Assigner palo_alto




HIGH: 7.2CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

Problem types

CWE-347 Improper Verification of Cryptographic Signature

Product status

Default status
unaffected

1.5.0 (custom) before 1.5.52
affected

Default status
unaffected

1.5.0 (custom) before 1.5.52
affected

Timeline

2026-04-08:Initial Publication

Credits

quinn finder

References

security.paloaltonetworks.com/CVE-2026-0234 vendor-advisory

cve.org (CVE-2026-0234)

nvd.nist.gov (CVE-2026-0234)

Download JSON