EUVD-2026-21899

| CVE-2026-0234 HIGH
2026-04-13 palo_alto GHSA-w48x-mvpf-jfc3
7.2
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 10:01 vuln.today
CVSS Changed
Apr 13, 2026 - 08:22 NVD
7.2 (HIGH)

Tags

Information Disclosure Microsoft Jwt Attack

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

Analysis

Cryptographic signature bypass in Palo Alto Networks Cortex XSOAR and XSIAM Microsoft Teams integrations (versions 1.5.0 through 1.5.51) allows unauthenticated remote attackers to access and modify protected resources. The vulnerability stems from improper JWT verification (CWE-347), enabling attackers to forge authentication tokens. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: identify all Cortex XSOAR and XSIAM instances running Teams integrations and confirm installed version (1.5.0-1.5.51 are affected). Within 7 days: upgrade to version 1.5.52 or later as released by Palo Alto Networks. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

36
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0

Share

EUVD-2026-21899 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy