CVE-2026-0240

MEDIUM

Trust Protection Foundation: Sensitive Information Disclosure Vulnerability

Title source: cna

Description

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.

References (1)

Core References
Vendor Advisory
https://security.paloaltonetworks.com/CVE-2026-0240

Scores

CVSS v4 4.5
EPSS 0.0021
EPSS Percentile 11.0%
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-497
Status published
Products (4)
Palo Alto Networks/Trust Protection Foundation 24.1.0 - 24.1.13
Palo Alto Networks/Trust Protection Foundation 24.3.0 - 24.3.6
Palo Alto Networks/Trust Protection Foundation 25.1.0 - 25.1.8
Palo Alto Networks/Trust Protection Foundation 25.3.0 - 25.3.3
Published May 13, 2026
Tracked Since May 14, 2026