CVE-2026-0242

MEDIUM

Trust Protection Foundation: SQL Injection Vulnerability

Title source: cna

Description

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.

References (1)

Core References
Vendor Advisory
https://security.paloaltonetworks.com/CVE-2026-0242

Scores

CVSS v4 6.1
EPSS 0.0025
EPSS Percentile 15.8%
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (4)
Palo Alto Networks/Trust Protection Foundation 24.1.0 - 24.1.13
Palo Alto Networks/Trust Protection Foundation 24.3.0 - 24.3.6
Palo Alto Networks/Trust Protection Foundation 25.1.0 - 25.1.8
Palo Alto Networks/Trust Protection Foundation 25.3.0 - 25.3.3
Published May 13, 2026
Tracked Since May 14, 2026