Description

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.

PUBLISHED | Reserved 2025-11-03 | Published 2026-05-13 | Updated 2026-05-15 | Assigner palo_alto

MEDIUM: 6.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

25.3.0 (custom) before 25.3.3
affected

25.1.0 (custom) before 25.1.8
affected

24.3.0 (custom) before 24.3.6
affected

24.1.0 (custom) before 24.1.13
affected

Timeline

2026-05-13: Initial publication.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue. (other)

References

security.paloaltonetworks.com/CVE-2026-0242 (vendor-advisory)

cve.org (CVE-2026-0242)

nvd.nist.gov (CVE-2026-0242)
