Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red
Description states unauthenticated network access to read and modify protected resources, so AV:N/AC:L/PR:N/UI:N with C:H and I:H; availability impact is not described, so A:N.
Primary rating from Vendor (palo_alto).
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red
Lifecycle Timeline
2DescriptionCVE.org
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
AnalysisAI
Improper credential validation in the CommvaultSecurityIQ integration for Palo Alto Networks Cortex XSOAR and Cortex XSIAM allows remote attackers to read and modify protected resources without authentication. The CVSS 4.0 base score of 8.1 reflects high impact to confidentiality, integrity, and availability across a network-reachable attack surface, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Cortex XSOAR or Cortex XSIAM tenant has the CommvaultSecurityIQ marketplace integration installed and enabled, and that the attacker has network reachability to the tenant endpoint serving the integration. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) indicates a network-reachable, low-complexity, unauthenticated path with high impact to the vulnerable system, which on paper is a high-priority issue; however, the threat-intelligence sub-vector E:U (exploit maturity Unproven), the absence from CISA KEV, the lack of a public PoC, and the limited deployment surface (only environments that have installed and configured the CommvaultSecurityIQ integration) substantially lower realistic risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker who can reach the Cortex XSOAR or XSIAM tenant endpoints hosting the CommvaultSecurityIQ integration sends crafted requests that bypass credential validation, then queries or modifies Commvault-managed resources such as backup job metadata, retention policies, or stored secrets. Because the issue requires no authentication and no user interaction, exploitation could be scripted, but no public exploit identified at time of analysis limits opportunistic abuse to actors with their own research. |
| Remediation | Patch available per vendor advisory: review https://security.paloaltonetworks.com/CVE-2026-0274 and update the CommvaultSecurityIQ marketplace content pack in both Cortex XSOAR and Cortex XSIAM tenants to the fixed version listed by Palo Alto Networks. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all XSOAR and XSIAM deployments using CommvaultSecurityIQ integration and assess external network exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-1390 – Weak Authentication
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36150
GHSA-fx9p-pvqh-vrhg