Severity by source
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green
Primary rating from Vendor (palo_alto) · only source for this CVE.
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green
Lifecycle Timeline
7DescriptionCVE.org
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
Articles & Coverage 1
AnalysisAI
Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
Autonomous Digital Experience Manager implements TLS/SSL certificate validation to authenticate connections from clients and endpoints. The vulnerability (CWE-295: Improper Certificate Validation) stems from insufficient validation logic that allows an attacker on an adjacent network segment to bypass certificate checks and establish a malicious connection. The manager runs on Windows with elevated system privileges (NT AUTHORITY\SYSTEM), making successful exploitation result in full system compromise. The attack surface is limited by the physical adjacency requirement (AV:P in CVSS v4.0), meaning the attacker must be on the same network link or have routed access to the management interface.
RemediationAI
Upgrade Autonomous Digital Experience Manager to version 5.10.14 or later immediately. This patched version corrects the certificate validation logic and eliminates the code execution path. For organizations unable to patch immediately, implement network segmentation to restrict adjacent-network access to the manager: isolate the management interface to a dedicated administrative VLAN, enforce firewall rules to limit inbound connections to known administrative systems, and disable direct routing between untrusted network segments and the manager. Verify certificate validation is enabled in all client and endpoint configurations connecting to the manager. Refer to the official Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0233 for detailed patching instructions and deployment guidance.
Same weakness CWE-295 – Improper Certificate Validation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21898