High7.4Palo Alto Networks
information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain se…
CVE-2026-0240 Published May 13, 2026Updated by vendor Jun 17, 2026
CVE-2026-0240
Affected products & platforms
Palo Alto NetworksUnclassified
Summary
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
Affected versions
- Trust Protection Foundation < 25.3.3
- Trust Protection Foundation < 25.1.8
- Trust Protection Foundation < 24.3.6
- Trust Protection Foundation < 24.1.13
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Fixed versions
- Trust Protection Foundation >= 25.3.3
- Trust Protection Foundation >= 25.1.8
- Trust Protection Foundation >= 24.3.6
- Trust Protection Foundation >= 24.1.13
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to a fixed release: Trust Protection Foundation >= 25.3.3; Trust Protection Foundation >= 25.1.8; Trust Protection Foundation >= 24.3.6; Trust Protection Foundation >= 24.1.13.
Temporary workarounds
- No known workarounds exist for this issue.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.