CVE-2026-0234
HIGHCortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration
Title source: cnaDescription
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://security.paloaltonetworks.com/CVE-2026-0234
Scores
CVSS v4
7.2
EPSS
0.0024
EPSS Percentile
14.4%
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-347
Status
published
Products (2)
Palo Alto Networks/Cortex XSIAM Microsoft Teams Marketplace
1.5.0 - 1.5.52
Palo Alto Networks/Cortex XSOAR Microsoft Teams Marketplace
1.5.0 - 1.5.52
Published
Apr 13, 2026
Tracked Since
Apr 13, 2026