CVE-2026-0231

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broker VM to exploit this issue.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2026-0231

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-11 18:16

Updated : 2026-03-12 21:08

NVD link : CVE-2026-0231

Mitre link : CVE-2026-0231

CVE.ORG link : CVE-2026-0231

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2026-0231", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.7, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-11T18:16:21.413", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0231", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in\u00a0Palo Alto Networks Cortex XDR\u00ae Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting.\u00a0\nThe attacker must have network access to the Broker VM to exploit this issue."}, {"lang": "es", "value": "Una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n en Palo Alto Networks Cortex XDR\u00ae Broker VM permite a un usuario autenticado obtener y modificar informaci\u00f3n sensible al activar una sesi\u00f3n de terminal en vivo a trav\u00e9s de la interfaz de usuario de Cortex y modificar cualquier ajuste de configuraci\u00f3n.\nEl atacante debe tener acceso de red al Broker VM para explotar este problema."}], "lastModified": "2026-03-12T21:08:22.643", "sourceIdentifier": "psirt@paloaltonetworks.com"}

CVE-2026-0231

JSON object

Attach tags to CVE-2026-0231

Attach tags to `CVE-2026-0231`