CVE-2026-0233

LOW

Autonomous Digital Experience Manager: Improper validation of ADEM certificate

Title source: cna

Description

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2026-0233

Scores

CVSS v4 2.0

EPSS 0.0001

EPSS Percentile 2.4%

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (1)

Palo Alto Networks/Autonomous Digital Experience Manager 5.10.0 - 5.10.14

Published Apr 13, 2026

Tracked Since Apr 13, 2026