Refine your search
1 vulnerability found for Cortex XSOAR Microsoft Teams Marketplace by Palo Alto Networks
CVE-2026-0234 (GCVE-0-2026-0234)
Vulnerability from cvelistv5
Published
2026-04-13 07:15
Modified
2026-04-14 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR Microsoft Teams Marketplace |
Version: 1.5.0 < 1.5.52 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T03:55:44.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XSOAR Microsoft Teams Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.5.52",
"status": "unaffected"
}
],
"lessThan": "1.5.52",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cortex XSIAM Microsoft Teams Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.5.52",
"status": "unaffected"
}
],
"lessThan": "1.5.52",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_microsoft_teams_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.52",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_microsoft_teams_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.52",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "quinn"
}
],
"datePublic": "2026-04-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAn improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T07:15:03.667Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0234"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSOAR Microsoft Teams Marketplace 1.5\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.5.0 through 1.5.51\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.5.52 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSIAM Microsoft Teams Marketplace 1.5\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.5.0 through 1.5.51\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.5.52 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XSOAR Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.\n \n Cortex XSIAM Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-08T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XSOAR Microsoft Teams Marketplace 1.5.0",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.1",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.2",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.3",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.4",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.5",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.6",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.7",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.8",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.9",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.10",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.11",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.12",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.13",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.14",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.15",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.16",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.17",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.18",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.19",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.20",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.21",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.22",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.23",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.24",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.25",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.26",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.27",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.28",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.29",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.30",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.31",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.32",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.33",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.34",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.35",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.36",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.37",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.38",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.39",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.40",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.41",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.42",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.43",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.44",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.45",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.46",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.47",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.48",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.49",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.50",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.51",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.0",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.1",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.2",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.3",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.4",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.5",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.6",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.7",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.8",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.9",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.10",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.11",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.12",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.13",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.14",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.15",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.16",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.17",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.18",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.19",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.20",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.21",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.22",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.23",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.24",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.25",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.26",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.27",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.28",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.29",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.30",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.31",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.32",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.33",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.34",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.35",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.36",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.37",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.38",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.39",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.40",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.41",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.42",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.43",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.44",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.45",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.46",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.47",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.48",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.49",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.50",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.51"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0234",
"datePublished": "2026-04-13T07:15:03.667Z",
"dateReserved": "2025-11-03T20:43:55.337Z",
"dateUpdated": "2026-04-14T03:55:44.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}