Critical9.2Palo Alto Networks
Cortex XSOAR: improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms d…
CVE-2026-0234 Published Apr 13, 2026Updated by vendor Jun 17, 2026
CVE-2026-0234
Affected products & platforms
Palo Alto NetworksCortex
Summary
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
Affected versions
- Cortex XSOAR Microsoft Teams Marketplace < 1.5.52
- Cortex XSIAM Microsoft Teams Marketplace < 1.5.52
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Fixed versions
- Cortex XSOAR Microsoft Teams Marketplace >= 1.5.52
- Cortex XSIAM Microsoft Teams Marketplace >= 1.5.52
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- VersionMinor VersionSuggested Solution Cortex XSOAR Microsoft Teams Marketplace 1.5 1.5.0 through 1.5.51 Upgrade to 1.5.52 or later.
- Cortex XSIAM Microsoft Teams Marketplace 1.5 1.5.0 through 1.5.51 Upgrade to 1.5.52 or later.
Temporary workarounds
- No known workarounds exist for this issue.
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.