Description

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.

PUBLISHED Reserved 2025-11-03 | Published 2026-05-13 | Updated 2026-05-15 | Assigner palo_alto




MEDIUM: 4.5 CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status: unaffected

25.3.0 (custom) before 25.3.3: affected

25.1.0 (custom) before 25.1.8: affected

24.3.0 (custom) before 24.3.6: affected

24.1.0 (custom) before 24.1.13: affected

Timeline

2026-05-13: Initial publication.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue. other

References

security.paloaltonetworks.com/CVE-2026-0240 vendor-advisory

cve.org (CVE-2026-0240)

nvd.nist.gov (CVE-2026-0240)
