Skip to main content

Jwt Attack CVE-2026-0234

| EUVDEUVD-2026-21899 HIGH
Improper Verification of Cryptographic Signature (CWE-347)
2026-04-13 palo_alto GHSA-w48x-mvpf-jfc3
7.2
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red

Primary rating from Vendor (palo_alto) · only source for this CVE.

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

9
Analysis Updated
Apr 16, 2026 - 05:57 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.5.52
Patch released
Apr 13, 2026 - 15:01 nvd
Patch available
Analysis Generated
Apr 13, 2026 - 10:01 vuln.today
CVSS changed
Apr 13, 2026 - 08:22 NVD
7.2 (HIGH)
EUVD ID Assigned
Apr 13, 2026 - 07:45 euvd
EUVD-2026-21899
Analysis Generated
Apr 13, 2026 - 07:45 vuln.today
CVE Published
Apr 13, 2026 - 07:15 nvd
HIGH 7.2

DescriptionCVE.org

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

AnalysisAI

Cryptographic signature bypass in Palo Alto Networks Cortex XSOAR and XSIAM Microsoft Teams integrations (versions 1.5.0 through 1.5.51) allows unauthenticated remote attackers to access and modify protected resources. The vulnerability stems from improper JWT verification (CWE-347), enabling attackers to forge authentication tokens. With CVSS 7.2 (High complexity, network-accessible, no privileges required) and tags indicating JWT attack vectors and information disclosure potential, this represents a critical integration security flaw requiring immediate patching to version 1.5.52 or later.

Technical ContextAI

This vulnerability affects the Microsoft Teams marketplace integrations for both Cortex XSOAR (Security Orchestration, Automation and Response) and Cortex XSIAM (Extended Security Intelligence and Automation Management) platforms. The root cause is CWE-347 (Improper Verification of Cryptographic Signature), specifically related to JSON Web Token (JWT) validation failures. JWTs are cryptographic tokens used to authenticate API requests between integrated services. When signature verification is improperly implemented, attackers can forge valid-looking tokens by manipulating the JWT header or payload without possessing the legitimate signing key. In Microsoft Teams integrations, these tokens typically authenticate webhook callbacks and API interactions. The affected CPE strings indicate this is specific to the Microsoft Teams Marketplace component versions 1.5.0 through 1.5.51 in both XSOAR and XSIAM platforms, not the core platforms themselves.

RemediationAI

Upgrade the Microsoft Teams Marketplace integration to version 1.5.52 or later for both Cortex XSOAR and Cortex XSIAM platforms, as this version contains fixes for the cryptographic signature verification flaw. Access the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0234 for official update guidance and distribution channels. Until patching is complete, consider temporarily disabling the Microsoft Teams integration if it is not critical to operations, or implement additional network-level access controls to restrict integration endpoint exposure. Review authentication logs for the Teams integration during the vulnerable period for any suspicious access patterns or unauthorized resource modifications that may indicate exploitation attempts.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-0234 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy