Skip to main content

Trust Protection Foundation EUVDEUVD-2026-30094

| CVE-2026-0242 MEDIUM
SQL Injection (CWE-89)
2026-05-13 palo_alto GHSA-q9w8-2xxh-ccfm
6.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 10:41 vuln.today
Patch available
May 13, 2026 - 20:02 EUVD
CVSS changed
May 13, 2026 - 19:22 NVD
6.1 (MEDIUM)

DescriptionCVE.org

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.

AnalysisAI

SQL injection in Palo Alto Networks Trust Protection Foundation exposes the platform database to arbitrary command execution by authenticated attackers on an adjacent network. Affected versions span four active release trains (24.1.x, 24.3.x, 25.1.x, 25.3.x), with successful exploitation enabling full database read/write access and privilege escalation to administrative control. No public exploit code exists and no active exploitation has been identified; EPSS sits at 0.01% and SSVC exploitation status is 'none', but the SSVC technical impact rating of 'total' underscores the severity of a successful attack.

Technical ContextAI

CWE-89 (Improper Neutralization of Special Elements used in SQL Command) describes a failure to sanitize or parameterize user-controlled input before it is passed to a SQL query engine. In Trust Protection Foundation - Palo Alto Networks' PKI and certificate lifecycle management platform (CPE: cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*) - at least one authenticated endpoint constructs SQL queries incorporating unsanitized user input, permitting injection of arbitrary SQL syntax. The CVSS 4.0 attack vector of Adjacent (AV:A) indicates exploitation requires the attacker to share a local network, Bluetooth, or similar adjacent segment with the target, which is architecturally consistent with an enterprise certificate management platform typically deployed inside a protected network zone rather than directly internet-facing.

RemediationAI

Upgrade to the nearest fixed release for your branch: Trust Protection Foundation 24.1.13, 24.3.6, 25.1.8, or 25.3.3, per the vendor advisory at https://security.paloaltonetworks.com/CVE-2026-0242. If immediate patching is not feasible, the adjacency requirement (AV:A) provides a structural compensating control - restricting network access to the Trust Protection Foundation management interface to only authorized administrator subnets via firewall ACLs or network segmentation will prevent adjacent-but-unauthorized users from reaching the vulnerable endpoint. Additionally, enforcing the principle of least privilege by auditing which users hold even low-level authenticated access to the platform reduces the pool of potential attackers. Note that network restriction does not eliminate risk for users who legitimately require adjacent access; the side effect of tightening ACLs may impact legitimate PKI operator workflows. Removing low-privilege accounts that have no operational need to access the platform is a zero-side-effect hardening measure.

Share

EUVD-2026-30094 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy