Vulnerability-Lookup

CVE-2026-0274 (GCVE-0-2026-0274)

Vulnerability from cvelistv5 – Published: 2026-06-10 21:02 – Updated: 2026-06-11 13:45

Title

Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

Summary

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

Severity

8.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-1390 - Weak Authentication

Assigner

palo_alto

References

1 reference

URL	Tags
https://security.paloaltonetworks.com/CVE-2026-0274	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Palo Alto Networks	Cortex XSIAM CommvaultSecurityIQ Marketplace	Affected: 1.1.0 , < 1.2.0 (custom)
Palo Alto Networks	Cortex XSOAR CommvaultSecurityIQ Marketplace	Affected: 1.1.0 , < 1.2.0 (custom)

Date Public

2026-06-10 16:00

Credits

our internal security research teams

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T13:45:28.414743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T13:45:39.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.0",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.2.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XSOAR CommvaultSecurityIQ Marketplace",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.0",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.2.0",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.0",
                  "versionStartIncluding": "1.2.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.0",
                  "versionStartIncluding": "1.2.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "our internal security research teams"
        }
      ],
      "datePublic": "2026-06-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
            }
          ],
          "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-475",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-475 Signature Spoofing by Improper Validation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1390",
              "description": "CWE-1390 Weak Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T21:02:26.497Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "VERSION                                            MINOR VERSION         SUGGESTED SOLUTION\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later.\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-10T16:00:00.000Z",
          "value": "Initial Publication."
        }
      ],
      "title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known workarounds exist for this issue."
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6",
        "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8",
        "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2026-0274",
    "datePublished": "2026-06-10T21:02:26.497Z",
    "dateReserved": "2025-11-03T20:44:33.634Z",
    "dateUpdated": "2026-06-11T13:45:39.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-0274",
      "date": "2026-06-11",
      "epss": "0.00037",
      "percentile": "0.1132"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-0274\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2026-06-10T22:16:55.187\",\"lastModified\":\"2026-06-11T15:21:30.653\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"RED\"}}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1390\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2026-0274\",\"source\":\"psirt@paloaltonetworks.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2026-06-10T21:02:26.497Z\"}, \"title\": \"Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration\", \"datePublic\": \"2026-06-10T16:00:00.000Z\", \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-1390\", \"description\": \"CWE-1390 Weak Authentication\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-475\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-475 Signature Spoofing by Improper Validation\"}]}], \"affected\": [{\"vendor\": \"Palo Alto Networks\", \"product\": \"Cortex XSIAM CommvaultSecurityIQ Marketplace\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\", \"lessThan\": \"1.2.0\", \"changes\": [{\"at\": \"1.2.0\", \"status\": \"unaffected\"}], \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Palo Alto Networks\", \"product\": \"Cortex XSOAR CommvaultSecurityIQ Marketplace\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\", \"lessThan\": \"1.2.0\", \"changes\": [{\"at\": \"1.2.0\", \"status\": \"unaffected\"}], \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.0\", \"versionStartIncluding\": \"1.2.0\", \"vulnerable\": true}], \"negate\": false, \"operator\": \"OR\"}, {\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.0\", \"versionStartIncluding\": \"1.2.0\", \"vulnerable\": true}], \"negate\": false, \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.\"}]}], \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2026-0274\", \"tags\": [\"vendor-advisory\"]}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"exploitMaturity\": \"UNREPORTED\", \"Safety\": \"NOT_DEFINED\", \"Automatable\": \"NO\", \"Recovery\": \"USER\", \"valueDensity\": \"DIFFUSE\", \"vulnerabilityResponseEffort\": \"MODERATE\", \"providerUrgency\": \"RED\", \"version\": \"4.0\", \"baseSeverity\": \"HIGH\", \"baseScore\": 8.1, \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red\"}}], \"configurations\": [{\"lang\": \"eng\", \"value\": \"No special configuration is required to be affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"No special configuration is required to be affected by this issue.\"}]}], \"workarounds\": [{\"lang\": \"eng\", \"value\": \"No known workarounds exist for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"No known workarounds exist for this issue.\"}]}], \"solutions\": [{\"lang\": \"eng\", \"value\": \"VERSION                                            MINOR VERSION         SUGGESTED SOLUTION\\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later.\\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003ctable class=\\\"tbl\\\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\\n                                \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\\n                            \u003c/tr\u003e\u003ctr\u003e\\n                                \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\"}]}], \"timeline\": [{\"time\": \"2026-06-10T16:00:00.000Z\", \"lang\": \"en\", \"value\": \"Initial Publication.\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"our internal security research teams\", \"type\": \"finder\"}], \"source\": {\"discovery\": \"INTERNAL\"}, \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"x_affectedList\": [\"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6\", \"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8\", \"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9\"]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0274\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-11T13:45:28.414743Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T13:45:34.933Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-0274\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"palo_alto\", \"dateReserved\": \"2025-11-03T20:44:33.634Z\", \"datePublished\": \"2026-06-10T21:02:26.497Z\", \"dateUpdated\": \"2026-06-11T13:45:39.297Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0734

Vulnerability from certfr_avis - Published: 2026-06-11 - Updated: 2026-06-11

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Access Browser	Prisma Access Agent versions antérieures à 26.2.1 sur Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.11
Palo Alto Networks	Prisma Access Browser	Prisma Browser versions antérieures à 148.18.4.217
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.0 antérieures à 10.2.7-h35
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x à 11.1.x antérieures à 11.1.14
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.8-h2
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR CommvaultSecurityIQ Marketplace versions antérieures à 1.2.0
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR versions antérieures à 8.13.0.11 sur Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 12.1.x antérieures à 12.1.5
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.3.x antérieures à 6.3.3-h1
Palo Alto Networks	Cortex XSIAM	Cortex XSIAM CommvaultSecurityIQ Marketplace versions antérieures à 1.2.0

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2026-0273	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0269	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0266	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0268	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0270	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2026-0008	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0272	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0271	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0274	2026-06-10	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2026-0267	2026-06-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Access Agent versions ant\u00e9rieures \u00e0 26.2.1 sur Linux",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Browser versions ant\u00e9rieures \u00e0 148.18.4.217",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.7-h35",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x \u00e0 11.1.x ant\u00e9rieures \u00e0 11.1.14",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8-h2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR CommvaultSecurityIQ Marketplace versions ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 8.13.0.11 sur Linux",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 12.1.x ant\u00e9rieures \u00e0 12.1.5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSIAM CommvaultSecurityIQ Marketplace versions ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "Cortex XSIAM",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-9998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9998"
    },
    {
      "name": "CVE-2026-9873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9873"
    },
    {
      "name": "CVE-2026-9911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9911"
    },
    {
      "name": "CVE-2026-9961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9961"
    },
    {
      "name": "CVE-2026-9124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9124"
    },
    {
      "name": "CVE-2026-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9942"
    },
    {
      "name": "CVE-2026-9989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9989"
    },
    {
      "name": "CVE-2026-9952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9952"
    },
    {
      "name": "CVE-2026-9905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9905"
    },
    {
      "name": "CVE-2026-0274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0274"
    },
    {
      "name": "CVE-2026-9877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9877"
    },
    {
      "name": "CVE-2026-8554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8554"
    },
    {
      "name": "CVE-2026-8559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8559"
    },
    {
      "name": "CVE-2026-8547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8547"
    },
    {
      "name": "CVE-2026-8542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8542"
    },
    {
      "name": "CVE-2026-9900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9900"
    },
    {
      "name": "CVE-2026-9890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9890"
    },
    {
      "name": "CVE-2026-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0268"
    },
    {
      "name": "CVE-2026-9914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9914"
    },
    {
      "name": "CVE-2026-9115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9115"
    },
    {
      "name": "CVE-2026-8562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8562"
    },
    {
      "name": "CVE-2026-8513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8513"
    },
    {
      "name": "CVE-2026-8560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8560"
    },
    {
      "name": "CVE-2026-9985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9985"
    },
    {
      "name": "CVE-2026-8534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8534"
    },
    {
      "name": "CVE-2026-9949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9949"
    },
    {
      "name": "CVE-2026-10006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10006"
    },
    {
      "name": "CVE-2026-9898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9898"
    },
    {
      "name": "CVE-2026-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0273"
    },
    {
      "name": "CVE-2026-8531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8531"
    },
    {
      "name": "CVE-2026-9912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9912"
    },
    {
      "name": "CVE-2026-9901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9901"
    },
    {
      "name": "CVE-2026-8578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8578"
    },
    {
      "name": "CVE-2026-8565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8565"
    },
    {
      "name": "CVE-2026-8520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8520"
    },
    {
      "name": "CVE-2026-9968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9968"
    },
    {
      "name": "CVE-2026-9882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9882"
    },
    {
      "name": "CVE-2026-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9974"
    },
    {
      "name": "CVE-2026-8536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8536"
    },
    {
      "name": "CVE-2026-9118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9118"
    },
    {
      "name": "CVE-2026-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9947"
    },
    {
      "name": "CVE-2026-9976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9976"
    },
    {
      "name": "CVE-2026-9935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9935"
    },
    {
      "name": "CVE-2026-9893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9893"
    },
    {
      "name": "CVE-2026-9971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9971"
    },
    {
      "name": "CVE-2026-9940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9940"
    },
    {
      "name": "CVE-2026-8587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8587"
    },
    {
      "name": "CVE-2026-9973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9973"
    },
    {
      "name": "CVE-2026-9110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9110"
    },
    {
      "name": "CVE-2026-9943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9943"
    },
    {
      "name": "CVE-2026-10019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10019"
    },
    {
      "name": "CVE-2026-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9937"
    },
    {
      "name": "CVE-2026-8571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8571"
    },
    {
      "name": "CVE-2026-8556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8556"
    },
    {
      "name": "CVE-2026-8543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8543"
    },
    {
      "name": "CVE-2026-9895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9895"
    },
    {
      "name": "CVE-2026-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9936"
    },
    {
      "name": "CVE-2026-9894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9894"
    },
    {
      "name": "CVE-2026-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10004"
    },
    {
      "name": "CVE-2026-9999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9999"
    },
    {
      "name": "CVE-2026-8557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8557"
    },
    {
      "name": "CVE-2026-9121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9121"
    },
    {
      "name": "CVE-2026-0272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0272"
    },
    {
      "name": "CVE-2026-9958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9958"
    },
    {
      "name": "CVE-2026-8538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8538"
    },
    {
      "name": "CVE-2026-9954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9954"
    },
    {
      "name": "CVE-2026-8526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8526"
    },
    {
      "name": "CVE-2026-9970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9970"
    },
    {
      "name": "CVE-2026-9951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9951"
    },
    {
      "name": "CVE-2026-9918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9918"
    },
    {
      "name": "CVE-2026-10001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10001"
    },
    {
      "name": "CVE-2026-8523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8523"
    },
    {
      "name": "CVE-2026-9992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9992"
    },
    {
      "name": "CVE-2026-9889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9889"
    },
    {
      "name": "CVE-2026-9950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9950"
    },
    {
      "name": "CVE-2026-9883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9883"
    },
    {
      "name": "CVE-2026-8549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8549"
    },
    {
      "name": "CVE-2026-8530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8530"
    },
    {
      "name": "CVE-2026-9996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9996"
    },
    {
      "name": "CVE-2026-9913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9913"
    },
    {
      "name": "CVE-2026-8541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8541"
    },
    {
      "name": "CVE-2026-9930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9930"
    },
    {
      "name": "CVE-2026-8535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8535"
    },
    {
      "name": "CVE-2026-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9965"
    },
    {
      "name": "CVE-2026-8515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8515"
    },
    {
      "name": "CVE-2026-8583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8583"
    },
    {
      "name": "CVE-2026-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9876"
    },
    {
      "name": "CVE-2026-9879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9879"
    },
    {
      "name": "CVE-2026-9872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9872"
    },
    {
      "name": "CVE-2026-9875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9875"
    },
    {
      "name": "CVE-2026-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9963"
    },
    {
      "name": "CVE-2026-9922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9922"
    },
    {
      "name": "CVE-2026-9975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9975"
    },
    {
      "name": "CVE-2026-9931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9931"
    },
    {
      "name": "CVE-2026-9980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9980"
    },
    {
      "name": "CVE-2026-10000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10000"
    },
    {
      "name": "CVE-2026-9904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9904"
    },
    {
      "name": "CVE-2026-8533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8533"
    },
    {
      "name": "CVE-2026-10007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10007"
    },
    {
      "name": "CVE-2026-8585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8585"
    },
    {
      "name": "CVE-2026-9116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9116"
    },
    {
      "name": "CVE-2026-9983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9983"
    },
    {
      "name": "CVE-2026-8527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8527"
    },
    {
      "name": "CVE-2026-10014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10014"
    },
    {
      "name": "CVE-2026-10022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10022"
    },
    {
      "name": "CVE-2026-9892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9892"
    },
    {
      "name": "CVE-2026-8584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8584"
    },
    {
      "name": "CVE-2026-9880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9880"
    },
    {
      "name": "CVE-2026-8517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8517"
    },
    {
      "name": "CVE-2026-9979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9979"
    },
    {
      "name": "CVE-2026-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10011"
    },
    {
      "name": "CVE-2026-9978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9978"
    },
    {
      "name": "CVE-2026-8579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8579"
    },
    {
      "name": "CVE-2026-10020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10020"
    },
    {
      "name": "CVE-2026-9899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9899"
    },
    {
      "name": "CVE-2026-10015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10015"
    },
    {
      "name": "CVE-2026-8573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8573"
    },
    {
      "name": "CVE-2026-9969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9969"
    },
    {
      "name": "CVE-2026-8569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8569"
    },
    {
      "name": "CVE-2026-9123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9123"
    },
    {
      "name": "CVE-2026-9919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9919"
    },
    {
      "name": "CVE-2026-8545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8545"
    },
    {
      "name": "CVE-2026-8529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8529"
    },
    {
      "name": "CVE-2026-8561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8561"
    },
    {
      "name": "CVE-2026-9920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9920"
    },
    {
      "name": "CVE-2026-9921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9921"
    },
    {
      "name": "CVE-2026-9977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9977"
    },
    {
      "name": "CVE-2026-9878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9878"
    },
    {
      "name": "CVE-2026-9888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9888"
    },
    {
      "name": "CVE-2026-9113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9113"
    },
    {
      "name": "CVE-2026-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9923"
    },
    {
      "name": "CVE-2026-9909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9909"
    },
    {
      "name": "CVE-2026-9962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9962"
    },
    {
      "name": "CVE-2026-9881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9881"
    },
    {
      "name": "CVE-2026-8546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8546"
    },
    {
      "name": "CVE-2026-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10010"
    },
    {
      "name": "CVE-2026-9945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9945"
    },
    {
      "name": "CVE-2026-9956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9956"
    },
    {
      "name": "CVE-2026-8522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8522"
    },
    {
      "name": "CVE-2026-8544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8544"
    },
    {
      "name": "CVE-2026-10008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10008"
    },
    {
      "name": "CVE-2026-8540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8540"
    },
    {
      "name": "CVE-2026-9927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9927"
    },
    {
      "name": "CVE-2026-9120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9120"
    },
    {
      "name": "CVE-2026-8555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8555"
    },
    {
      "name": "CVE-2026-9944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9944"
    },
    {
      "name": "CVE-2026-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9948"
    },
    {
      "name": "CVE-2026-9117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9117"
    },
    {
      "name": "CVE-2026-9902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9902"
    },
    {
      "name": "CVE-2026-9988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9988"
    },
    {
      "name": "CVE-2026-9925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9925"
    },
    {
      "name": "CVE-2026-8528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8528"
    },
    {
      "name": "CVE-2026-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0269"
    },
    {
      "name": "CVE-2026-8570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8570"
    },
    {
      "name": "CVE-2026-9114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9114"
    },
    {
      "name": "CVE-2026-9928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9928"
    },
    {
      "name": "CVE-2026-8512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8512"
    },
    {
      "name": "CVE-2026-9886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9886"
    },
    {
      "name": "CVE-2026-10021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10021"
    },
    {
      "name": "CVE-2026-9957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9957"
    },
    {
      "name": "CVE-2026-10005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10005"
    },
    {
      "name": "CVE-2026-9896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9896"
    },
    {
      "name": "CVE-2026-9915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9915"
    },
    {
      "name": "CVE-2026-9990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9990"
    },
    {
      "name": "CVE-2026-9907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9907"
    },
    {
      "name": "CVE-2026-9932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9932"
    },
    {
      "name": "CVE-2026-8553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8553"
    },
    {
      "name": "CVE-2026-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10016"
    },
    {
      "name": "CVE-2026-8566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8566"
    },
    {
      "name": "CVE-2026-8551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8551"
    },
    {
      "name": "CVE-2026-8577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8577"
    },
    {
      "name": "CVE-2026-9997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9997"
    },
    {
      "name": "CVE-2026-8539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8539"
    },
    {
      "name": "CVE-2026-8525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8525"
    },
    {
      "name": "CVE-2026-8563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8563"
    },
    {
      "name": "CVE-2026-9994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9994"
    },
    {
      "name": "CVE-2026-8514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8514"
    },
    {
      "name": "CVE-2026-9874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9874"
    },
    {
      "name": "CVE-2026-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8509"
    },
    {
      "name": "CVE-2026-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10017"
    },
    {
      "name": "CVE-2026-9929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9929"
    },
    {
      "name": "CVE-2026-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9984"
    },
    {
      "name": "CVE-2026-8521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8521"
    },
    {
      "name": "CVE-2026-9885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9885"
    },
    {
      "name": "CVE-2026-8524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8524"
    },
    {
      "name": "CVE-2026-8558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8558"
    },
    {
      "name": "CVE-2026-8564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8564"
    },
    {
      "name": "CVE-2026-9887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9887"
    },
    {
      "name": "CVE-2026-9910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9910"
    },
    {
      "name": "CVE-2026-0270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0270"
    },
    {
      "name": "CVE-2026-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8580"
    },
    {
      "name": "CVE-2026-9906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9906"
    },
    {
      "name": "CVE-2026-9111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9111"
    },
    {
      "name": "CVE-2026-9917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9917"
    },
    {
      "name": "CVE-2026-9959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9959"
    },
    {
      "name": "CVE-2026-8516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8516"
    },
    {
      "name": "CVE-2026-8567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8567"
    },
    {
      "name": "CVE-2026-9908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9908"
    },
    {
      "name": "CVE-2026-9946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9946"
    },
    {
      "name": "CVE-2026-9903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9903"
    },
    {
      "name": "CVE-2026-9993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9993"
    },
    {
      "name": "CVE-2026-8510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8510"
    },
    {
      "name": "CVE-2026-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9966"
    },
    {
      "name": "CVE-2026-8576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8576"
    },
    {
      "name": "CVE-2026-9955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9955"
    },
    {
      "name": "CVE-2026-9953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9953"
    },
    {
      "name": "CVE-2026-9967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9967"
    },
    {
      "name": "CVE-2026-8568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8568"
    },
    {
      "name": "CVE-2026-0271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0271"
    },
    {
      "name": "CVE-2026-9960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9960"
    },
    {
      "name": "CVE-2026-8582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8582"
    },
    {
      "name": "CVE-2026-9916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9916"
    },
    {
      "name": "CVE-2026-10018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10018"
    },
    {
      "name": "CVE-2026-8518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8518"
    },
    {
      "name": "CVE-2026-8586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8586"
    },
    {
      "name": "CVE-2026-8575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8575"
    },
    {
      "name": "CVE-2026-9982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9982"
    },
    {
      "name": "CVE-2026-9986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9986"
    },
    {
      "name": "CVE-2026-10013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10013"
    },
    {
      "name": "CVE-2026-8572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8572"
    },
    {
      "name": "CVE-2026-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10003"
    },
    {
      "name": "CVE-2026-9981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9981"
    },
    {
      "name": "CVE-2026-9112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9112"
    },
    {
      "name": "CVE-2026-9933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9933"
    },
    {
      "name": "CVE-2026-8548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8548"
    },
    {
      "name": "CVE-2026-8532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8532"
    },
    {
      "name": "CVE-2026-9938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9938"
    },
    {
      "name": "CVE-2026-9934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9934"
    },
    {
      "name": "CVE-2026-8574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8574"
    },
    {
      "name": "CVE-2026-9991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9991"
    },
    {
      "name": "CVE-2026-8581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8581"
    },
    {
      "name": "CVE-2026-9939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9939"
    },
    {
      "name": "CVE-2026-9897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9897"
    },
    {
      "name": "CVE-2026-9926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9926"
    },
    {
      "name": "CVE-2026-9972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9972"
    },
    {
      "name": "CVE-2026-9987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9987"
    },
    {
      "name": "CVE-2026-9995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9995"
    },
    {
      "name": "CVE-2026-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0266"
    },
    {
      "name": "CVE-2026-9126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9126"
    },
    {
      "name": "CVE-2026-9964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9964"
    },
    {
      "name": "CVE-2026-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0267"
    },
    {
      "name": "CVE-2026-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10002"
    },
    {
      "name": "CVE-2026-8537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8537"
    },
    {
      "name": "CVE-2026-8519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8519"
    },
    {
      "name": "CVE-2026-8550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8550"
    },
    {
      "name": "CVE-2026-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10009"
    },
    {
      "name": "CVE-2026-8511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8511"
    },
    {
      "name": "CVE-2026-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9924"
    },
    {
      "name": "CVE-2026-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-10012"
    },
    {
      "name": "CVE-2026-9891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9891"
    },
    {
      "name": "CVE-2026-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9941"
    },
    {
      "name": "CVE-2026-9884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9884"
    },
    {
      "name": "CVE-2026-8552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8552"
    }
  ],
  "initial_release_date": "2026-06-11T00:00:00",
  "last_revision_date": "2026-06-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0734",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0273",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0273"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0269",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0269"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0266",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0266"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0268",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0268"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0270",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0270"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2026-0008",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2026-0008"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0272",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0272"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0271",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0271"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0274",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
    },
    {
      "published_at": "2026-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0267",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0267"
    }
  ]
}

FKIE_CVE-2026-0274

Vulnerability from fkie_nvd - Published: 2026-06-10 22:16 - Updated: 2026-06-11 15:21

Severity

8.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2026-0274

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
    }
  ],
  "id": "CVE-2026-0274",
  "lastModified": "2026-06-11T15:21:30.653",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "RED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "DIFFUSE",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-06-10T22:16:55.187",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1390"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    }
  ]
}

GHSA-FX9P-PVQH-VRHG

Vulnerability from github – Published: 2026-06-11 00:32 – Updated: 2026-06-11 00:32

Details

Severity

8.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-0274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1390"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-10T22:16:55Z",
    "severity": "HIGH"
  },
  "details": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.",
  "id": "GHSA-fx9p-pvqh-vrhg",
  "modified": "2026-06-11T00:32:04Z",
  "published": "2026-06-11T00:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0274"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-0274 (GCVE-0-2026-0274)

CERTFR-2026-AVI-0734

Solutions

FKIE_CVE-2026-0274

GHSA-FX9P-PVQH-VRHG

Tags

Sightings

Nomenclature