CVE-2026-0234

HIGH

Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

Title source: cna

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2026-0234

Scores

CVSS v4 7.2

EPSS 0.0002

EPSS Percentile 5.9%

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-347

Status published

Products (2)

Palo Alto Networks/Cortex XSIAM Microsoft Teams Marketplace 1.5.0 - 1.5.52

Palo Alto Networks/Cortex XSOAR Microsoft Teams Marketplace 1.5.0 - 1.5.52

Published Apr 13, 2026

Tracked Since Apr 13, 2026