HIGHCVE-2026-0234Published 2026-04-13Modified 2026-04-14CNA palo_alto

CVE-2026-0234: Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

CVSS v4.0: 7.2
Severity: HIGH
Fixed in: 1.5.52
Affected Products: 2

Fix available

1.5.52

Affected packages

Palo Alto Networks / Cortex XSOAR Microsoft Teams Marketplace
< 1.5.52 (from 1.5.0)
Palo Alto Networks / Cortex XSIAM Microsoft Teams Marketplace
< 1.5.52 (from 1.5.0)

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

References

security.paloaltonetworks.com

Metrics

Fix available