Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0412
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | N/A | Cortex XSIAM Microsoft Teams Marketplace versions 1.5.x antérieures à 1.5.52 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent sans CU-2120 sur Windows versions 8.3-CE sans les derniers correctifs de sécurité | ||
| Palo Alto Networks | N/A | Cortex XSOAR Microsoft Teams Marketplace versions 1.5.x antérieures à 1.5.52 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent sans CU-2120 sur Windows versions 7.9-CE sans les derniers correctifs de sécurité | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent sans CU-2120 sur Windows versions 8.7-CE antérieures à 8.7.101-CE | ||
| Palo Alto Networks | N/A | Autonomous Digital Experience Manager pour Windows versions 5.10.x antérieures à 5.10.4 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent sans CU-2120 sur Windows versions 9.0.x antérieures à 9.0.1 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Browser versions antérieures à 146.3.8.76 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.9.x antérieures à 8.9.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSIAM Microsoft Teams Marketplace versions 1.5.x ant\u00e9rieures \u00e0 1.5.52",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent sans CU-2120 sur Windows versions 8.3-CE sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR Microsoft Teams Marketplace versions 1.5.x ant\u00e9rieures \u00e0 1.5.52",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent sans CU-2120 sur Windows versions 7.9-CE sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent sans CU-2120 sur Windows versions 8.7-CE ant\u00e9rieures \u00e0 8.7.101-CE",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Autonomous Digital Experience Manager pour Windows versions 5.10.x ant\u00e9rieures \u00e0 5.10.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent sans CU-2120 sur Windows versions 9.0.x ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Browser versions ant\u00e9rieures \u00e0 146.3.8.76",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.9.x ant\u00e9rieures \u00e0 8.9.1",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-3935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3935"
},
{
"name": "CVE-2026-0234",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0234"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2026-4464",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4464"
},
{
"name": "CVE-2026-5291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5291"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2026-5284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5284"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2026-4679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4679"
},
{
"name": "CVE-2026-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3909"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2026-3940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3940"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2026-4680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4680"
},
{
"name": "CVE-2026-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3927"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2026-3926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3926"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-5287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5287"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2026-5292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5292"
},
{
"name": "CVE-2026-0233",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0233"
},
{
"name": "CVE-2026-5281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5281"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2026-3910",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3910"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2026-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0232"
},
{
"name": "CVE-2026-3936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3936"
}
],
"initial_release_date": "2026-04-09T00:00:00",
"last_revision_date": "2026-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0412",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0233",
"url": "https://security.paloaltonetworks.com/CVE-2026-0233"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0234",
"url": "https://security.paloaltonetworks.com/CVE-2026-0234"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0232",
"url": "https://security.paloaltonetworks.com/CVE-2026-0232"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2026-0004",
"url": "https://security.paloaltonetworks.com/PAN-SA-2026-0004"
}
]
}
CVE-2026-3541 (GCVE-0-2026-3541)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 16:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T16:06:53.517239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T16:09:38.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:29.071Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/484811719"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3541",
"datePublished": "2026-03-04T19:24:29.071Z",
"dateReserved": "2026-03-04T18:18:28.806Z",
"dateUpdated": "2026-03-05T16:09:38.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3063 (GCVE-0-2026-3063)
Vulnerability from cvelistv5
Published
2026-02-23 22:17
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T04:55:34.076430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:10.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.116",
"status": "affected",
"version": "145.0.7632.116",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T22:17:19.953Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://issues.chromium.org/issues/485287859"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3063",
"datePublished": "2026-02-23T22:17:19.953Z",
"dateReserved": "2026-02-23T18:41:53.917Z",
"dateUpdated": "2026-02-26T14:44:10.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3543 (GCVE-0-2026-3543)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 16:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T16:15:32.776785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T16:16:11.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:30.158Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485267831"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3543",
"datePublished": "2026-03-04T19:24:30.158Z",
"dateReserved": "2026-03-04T18:18:29.754Z",
"dateUpdated": "2026-03-05T16:16:11.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2648 (GCVE-0-2026-2648)
Vulnerability from cvelistv5
Published
2026-02-18 21:39
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap buffer overflow
Summary
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T04:55:54.299314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:15.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.109",
"status": "affected",
"version": "145.0.7632.109",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T21:39:03.100Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/477033835"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-2648",
"datePublished": "2026-02-18T21:39:03.100Z",
"dateReserved": "2026-02-18T00:23:54.007Z",
"dateUpdated": "2026-02-26T14:44:15.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3540 (GCVE-0-2026-3540)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 14:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T04:55:57.236918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:04:18.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:28.730Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/484088917"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3540",
"datePublished": "2026-03-04T19:24:28.730Z",
"dateReserved": "2026-03-04T18:18:28.511Z",
"dateUpdated": "2026-03-05T14:04:18.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2649 (GCVE-0-2026-2649)
Vulnerability from cvelistv5
Published
2026-02-18 21:39
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - Integer overflow
Summary
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T04:55:52.799562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:15.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.109",
"status": "affected",
"version": "145.0.7632.109",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T21:39:03.873Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/481074858"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-2649",
"datePublished": "2026-02-18T21:39:03.873Z",
"dateReserved": "2026-02-18T00:23:54.421Z",
"dateUpdated": "2026-02-26T14:44:15.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3940 (GCVE-0-2026-3940)
Vulnerability from cvelistv5
Published
2026-03-11 22:04
Modified
2026-03-14 03:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-14T03:20:09.539889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-14T03:20:39.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.71",
"status": "affected",
"version": "146.0.7680.71",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T22:04:16.639Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
},
{
"url": "https://issues.chromium.org/issues/470574526"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3940",
"datePublished": "2026-03-11T22:04:16.639Z",
"dateReserved": "2026-03-11T05:54:15.429Z",
"dateUpdated": "2026-03-14T03:20:39.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3935 (GCVE-0-2026-3935)
Vulnerability from cvelistv5
Published
2026-03-11 22:04
Modified
2026-03-14 03:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-14T03:05:54.980862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-14T03:06:48.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.71",
"status": "affected",
"version": "146.0.7680.71",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T22:04:13.816Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
},
{
"url": "https://issues.chromium.org/issues/479326680"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3935",
"datePublished": "2026-03-11T22:04:13.816Z",
"dateReserved": "2026-03-11T05:54:14.137Z",
"dateUpdated": "2026-03-14T03:06:48.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5281 (GCVE-0-2026-5281)
Vulnerability from cvelistv5
Published
2026-04-01 04:41
Modified
2026-04-02 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use after free
Summary
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5281",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:55:36.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "CVE-2026-5281 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.178",
"status": "affected",
"version": "146.0.7680.178",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T04:41:32.723Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
},
{
"url": "https://issues.chromium.org/issues/491518608"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5281",
"datePublished": "2026-04-01T04:41:32.723Z",
"dateReserved": "2026-03-31T20:07:13.272Z",
"dateUpdated": "2026-04-02T03:55:36.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3910 (GCVE-0-2026-3910)
Vulnerability from cvelistv5
Published
2026-03-12 21:30
Modified
2026-03-14 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3910",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3910"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-14T03:55:26.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3910"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-13T00:00:00.000Z",
"value": "CVE-2026-3910 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.75",
"status": "affected",
"version": "146.0.7680.75",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T21:30:51.861Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/491410818"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3910",
"datePublished": "2026-03-12T21:30:51.861Z",
"dateReserved": "2026-03-11T00:54:21.991Z",
"dateUpdated": "2026-03-14T03:55:26.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4680 (GCVE-0-2026-4680)
Vulnerability from cvelistv5
Published
2026-03-24 00:24
Modified
2026-03-25 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use after free
Summary
Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T03:55:36.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.165",
"status": "affected",
"version": "146.0.7680.165",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T00:24:43.349Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://issues.chromium.org/issues/491869946"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4680",
"datePublished": "2026-03-24T00:24:43.349Z",
"dateReserved": "2026-03-23T21:08:18.895Z",
"dateUpdated": "2026-03-25T03:55:36.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3539 (GCVE-0-2026-3539)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Object lifecycle issue
Summary
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1091",
"description": "CWE-1091 Use of Object without Invoking Destructor Method",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T04:55:58.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object lifecycle issue",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:28.417Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/483853098"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3539",
"datePublished": "2026-03-04T19:24:28.417Z",
"dateReserved": "2026-03-04T18:18:28.201Z",
"dateUpdated": "2026-03-05T04:55:58.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3542 (GCVE-0-2026-3542)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T16:11:05.023794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T16:14:16.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:29.811Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485152421"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3542",
"datePublished": "2026-03-04T19:24:29.811Z",
"dateReserved": "2026-03-04T18:18:29.065Z",
"dateUpdated": "2026-03-05T16:14:16.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2650 (GCVE-0-2026-2650)
Vulnerability from cvelistv5
Published
2026-02-18 21:39
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap buffer overflow
Summary
Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T04:55:53.565978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:15.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.109",
"status": "affected",
"version": "145.0.7632.109",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T21:39:04.464Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/476461867"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-2650",
"datePublished": "2026-02-18T21:39:04.464Z",
"dateReserved": "2026-02-18T00:23:54.800Z",
"dateUpdated": "2026-02-26T14:44:15.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4464 (GCVE-0-2026-4464)
Vulnerability from cvelistv5
Published
2026-03-20 01:34
Modified
2026-03-21 04:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - Integer overflow
Summary
Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T04:01:05.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.153",
"status": "affected",
"version": "146.0.7680.153",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T01:34:58.888Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/487208468"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4464",
"datePublished": "2026-03-20T01:34:58.888Z",
"dateReserved": "2026-03-19T20:23:56.088Z",
"dateUpdated": "2026-03-21T04:01:05.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5284 (GCVE-0-2026-5284)
Vulnerability from cvelistv5
Published
2026-04-01 04:41
Modified
2026-04-02 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use after free
Summary
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:55:43.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.178",
"status": "affected",
"version": "146.0.7680.178",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T04:41:34.167Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
},
{
"url": "https://issues.chromium.org/issues/492139412"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5284",
"datePublished": "2026-04-01T04:41:34.167Z",
"dateReserved": "2026-03-31T20:07:14.065Z",
"dateUpdated": "2026-04-02T03:55:43.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0232 (GCVE-0-2026-0232)
Vulnerability from cvelistv5
Published
2026-04-13 07:22
Modified
2026-04-13 13:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-15 - External Control of System or Configuration Setting
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Patch: 9.1.0 < 5.10.14 Patch: 9.0 Patch: 8.9 Patch: 8.7-CE |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T13:14:26.660757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:27:43.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.10.14",
"status": "unaffected"
}
],
"lessThan": "5.10.14",
"status": "unaffected",
"version": "9.1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.9",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.7-CE",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:9.0.0:*:*:*:*:Windows:*:*",
"cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.9.0:*:*:*:*:Windows:*:*",
"cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.7-CE:*:*:*:*:Windows:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "9.0.1",
"status": "unaffected"
}
],
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.9.1",
"status": "unaffected"
}
],
"lessThan": "8.9.1",
"status": "affected",
"version": "8.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.7.101-CE",
"status": "unaffected"
}
],
"lessThan": "8.7.101-CE",
"status": "affected",
"version": "8.7-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3-CE",
"status": "unaffected"
}
],
"lessThan": "8.3-CE-CU-2120",
"status": "affected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9-CE",
"status": "unaffected"
}
],
"lessThan": "7.9-CE-CU-2120",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*",
"versionEndExcluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*",
"versionEndExcluding": "8.9.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*",
"versionEndExcluding": "8.7.101-ce",
"versionStartIncluding": "8.7.101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "WhatThe0xDoin"
}
],
"datePublic": "2026-04-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.\u0026nbsp;This issue may be leveraged by malware to perform malicious activity without detection."
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.\u00a0This issue may be leveraged by malware to perform malicious activity without detection."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T07:22:48.325Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0232"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo fully remediate this vulnerability, customers must ensure their Content Update is at version 2120 or higher. This update provides the necessary protection across all supported versions of Cortex XDR.\u003c/p\u003e\u003cp\u003eWhile the Content Update provides the primary fix, the following software releases include complementary architectural enhancements to further harden the environment:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCortex XDR 9.1.0 (or later)\u003c/li\u003e\u003cli\u003eCortex XDR 9.0.1 (or later)\u003c/li\u003e\u003cli\u003eCortex XDR 8.9.1 (or later)\u003c/li\u003e\u003cli\u003eCortex XDR 8.7.101-CE (or later)\u003c/li\u003e\u003c/ul\u003eNote for 8.3-CE and 7.9-CE: These versions are fully protected by applying Content Update 2120. No additional software upgrade is required for these versions to mitigate this specific vulnerability."
}
],
"value": "To fully remediate this vulnerability, customers must ensure their Content Update is at version 2120 or higher. This update provides the necessary protection across all supported versions of Cortex XDR.\n\nWhile the Content Update provides the primary fix, the following software releases include complementary architectural enhancements to further harden the environment:\n\n * Cortex XDR 9.1.0 (or later)\n * Cortex XDR 9.0.1 (or later)\n * Cortex XDR 8.9.1 (or later)\n * Cortex XDR 8.7.101-CE (or later)\n\nNote for 8.3-CE and 7.9-CE: These versions are fully protected by applying Content Update 2120. No additional software upgrade is required for these versions to mitigate this specific vulnerability."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-08T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Cortex XDR Agent: Local Administrator can disable the agent on Windows",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XDR Agent 9.0.0",
"Cortex XDR Agent 8.9.0",
"Cortex XDR Agent 8.7-CE"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0232",
"datePublished": "2026-04-13T07:22:48.325Z",
"dateReserved": "2025-11-03T20:43:53.493Z",
"dateUpdated": "2026-04-13T13:27:43.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3936 (GCVE-0-2026-3936)
Vulnerability from cvelistv5
Published
2026-03-11 22:04
Modified
2026-03-13 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use after free
Summary
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T03:55:40.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.71",
"status": "affected",
"version": "146.0.7680.71",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T22:04:14.376Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
},
{
"url": "https://issues.chromium.org/issues/481920229"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3936",
"datePublished": "2026-03-11T22:04:14.376Z",
"dateReserved": "2026-03-11T05:54:14.400Z",
"dateUpdated": "2026-03-13T03:55:40.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3926 (GCVE-0-2026-3926)
Vulnerability from cvelistv5
Published
2026-03-11 22:04
Modified
2026-03-13 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out of bounds read
Summary
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T03:55:50.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.71",
"status": "affected",
"version": "146.0.7680.71",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T22:04:09.295Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
},
{
"url": "https://issues.chromium.org/issues/478659010"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3926",
"datePublished": "2026-03-11T22:04:09.295Z",
"dateReserved": "2026-03-11T05:54:11.499Z",
"dateUpdated": "2026-03-13T03:55:50.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3061 (GCVE-0-2026-3061)
Vulnerability from cvelistv5
Published
2026-02-23 22:17
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out of bounds read
Summary
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T04:55:32.928056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:10.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.116",
"status": "affected",
"version": "145.0.7632.116",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T22:17:17.394Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://issues.chromium.org/issues/482862710"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3061",
"datePublished": "2026-02-23T22:17:17.394Z",
"dateReserved": "2026-02-23T18:41:53.196Z",
"dateUpdated": "2026-02-26T14:44:10.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3927 (GCVE-0-2026-3927)
Vulnerability from cvelistv5
Published
2026-03-11 22:04
Modified
2026-03-13 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T12:48:55.659713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T12:50:13.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.71",
"status": "affected",
"version": "146.0.7680.71",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T22:04:09.852Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"
},
{
"url": "https://issues.chromium.org/issues/474948986"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3927",
"datePublished": "2026-03-11T22:04:09.852Z",
"dateReserved": "2026-03-11T05:54:11.778Z",
"dateUpdated": "2026-03-13T12:50:13.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4679 (GCVE-0-2026-4679)
Vulnerability from cvelistv5
Published
2026-03-24 00:24
Modified
2026-03-25 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - Integer overflow
Summary
Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T03:55:40.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.165",
"status": "affected",
"version": "146.0.7680.165",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T00:24:42.991Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://issues.chromium.org/issues/491516670"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4679",
"datePublished": "2026-03-24T00:24:42.991Z",
"dateReserved": "2026-03-23T21:08:18.589Z",
"dateUpdated": "2026-03-25T03:55:40.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0234 (GCVE-0-2026-0234)
Vulnerability from cvelistv5
Published
2026-04-13 07:15
Modified
2026-04-14 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR Microsoft Teams Marketplace |
Version: 1.5.0 < 1.5.52 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T03:55:44.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XSOAR Microsoft Teams Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.5.52",
"status": "unaffected"
}
],
"lessThan": "1.5.52",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cortex XSIAM Microsoft Teams Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.5.52",
"status": "unaffected"
}
],
"lessThan": "1.5.52",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_microsoft_teams_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.52",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_microsoft_teams_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.52",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "quinn"
}
],
"datePublic": "2026-04-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAn improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T07:15:03.667Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0234"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSOAR Microsoft Teams Marketplace 1.5\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.5.0 through 1.5.51\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.5.52 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSIAM Microsoft Teams Marketplace 1.5\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.5.0 through 1.5.51\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.5.52 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XSOAR Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.\n \n Cortex XSIAM Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-08T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XSOAR Microsoft Teams Marketplace 1.5.0",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.1",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.2",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.3",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.4",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.5",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.6",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.7",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.8",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.9",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.10",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.11",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.12",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.13",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.14",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.15",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.16",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.17",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.18",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.19",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.20",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.21",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.22",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.23",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.24",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.25",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.26",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.27",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.28",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.29",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.30",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.31",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.32",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.33",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.34",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.35",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.36",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.37",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.38",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.39",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.40",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.41",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.42",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.43",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.44",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.45",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.46",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.47",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.48",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.49",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.50",
"Cortex XSOAR Microsoft Teams Marketplace 1.5.51",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.0",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.1",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.2",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.3",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.4",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.5",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.6",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.7",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.8",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.9",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.10",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.11",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.12",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.13",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.14",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.15",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.16",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.17",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.18",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.19",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.20",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.21",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.22",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.23",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.24",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.25",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.26",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.27",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.28",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.29",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.30",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.31",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.32",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.33",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.34",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.35",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.36",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.37",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.38",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.39",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.40",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.41",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.42",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.43",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.44",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.45",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.46",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.47",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.48",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.49",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.50",
"Cortex XSIAM Microsoft Teams Marketplace 1.5.51"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0234",
"datePublished": "2026-04-13T07:15:03.667Z",
"dateReserved": "2025-11-03T20:43:55.337Z",
"dateUpdated": "2026-04-14T03:55:44.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5292 (GCVE-0-2026-5292)
Vulnerability from cvelistv5
Published
2026-04-01 04:41
Modified
2026-04-02 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out of bounds read
Summary
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:55:37.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.178",
"status": "affected",
"version": "146.0.7680.178",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T04:41:37.538Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
},
{
"url": "https://issues.chromium.org/issues/492213293"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5292",
"datePublished": "2026-04-01T04:41:37.538Z",
"dateReserved": "2026-03-31T20:07:16.395Z",
"dateUpdated": "2026-04-02T03:55:37.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3538 (GCVE-0-2026-3538)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-11 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - Integer overflow
Summary
Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T04:55:56.175433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:13:13.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:28.079Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/484983991"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3538",
"datePublished": "2026-03-04T19:24:28.079Z",
"dateReserved": "2026-03-04T18:18:27.867Z",
"dateUpdated": "2026-03-11T15:13:13.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3537 (GCVE-0-2026-3537)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-11 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Object lifecycle issue
Summary
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T04:55:58.492008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1091",
"description": "CWE-1091 Use of Object without Invoking Destructor Method",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:13:22.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object lifecycle issue",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:27.757Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/474266014"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3537",
"datePublished": "2026-03-04T19:24:27.757Z",
"dateReserved": "2026-03-04T18:18:27.478Z",
"dateUpdated": "2026-03-11T15:13:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3909 (GCVE-0-2026-3909)
Vulnerability from cvelistv5
Published
2026-03-12 21:30
Modified
2026-03-24 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out of bounds write
Summary
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3909",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-14T03:55:25.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-13T00:00:00.000Z",
"value": "CVE-2026-3909 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.75",
"status": "affected",
"version": "146.0.7680.75",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out of bounds write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T21:17:08.100Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://issues.chromium.org/issues/491421267"
},
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3909",
"datePublished": "2026-03-12T21:30:51.265Z",
"dateReserved": "2026-03-11T00:54:06.406Z",
"dateUpdated": "2026-03-24T21:17:08.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3545 (GCVE-0-2026-3545)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 14:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:09:31.226480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:09:34.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:30.797Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/487383169"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3545",
"datePublished": "2026-03-04T19:24:30.797Z",
"dateReserved": "2026-03-04T18:18:30.352Z",
"dateUpdated": "2026-03-05T14:09:34.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5287 (GCVE-0-2026-5287)
Vulnerability from cvelistv5
Published
2026-04-01 04:41
Modified
2026-04-02 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use after free
Summary
Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:55:53.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.178",
"status": "affected",
"version": "146.0.7680.178",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T04:41:35.870Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
},
{
"url": "https://issues.chromium.org/issues/494644471"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5287",
"datePublished": "2026-04-01T04:41:35.870Z",
"dateReserved": "2026-03-31T20:07:14.862Z",
"dateUpdated": "2026-04-02T03:55:53.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5291 (GCVE-0-2026-5291)
Vulnerability from cvelistv5
Published
2026-04-01 04:41
Modified
2026-04-01 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:48:55.707552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:22:29.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.178",
"status": "affected",
"version": "146.0.7680.178",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T04:41:37.210Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
},
{
"url": "https://issues.chromium.org/issues/490118036"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-5291",
"datePublished": "2026-04-01T04:41:37.210Z",
"dateReserved": "2026-03-31T20:07:16.085Z",
"dateUpdated": "2026-04-01T14:22:29.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3544 (GCVE-0-2026-3544)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-05 14:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap buffer overflow
Summary
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T04:56:01.091366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:03:27.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:30.470Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485683110"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3544",
"datePublished": "2026-03-04T19:24:30.470Z",
"dateReserved": "2026-03-04T18:18:30.060Z",
"dateUpdated": "2026-03-05T14:03:27.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3536 (GCVE-0-2026-3536)
Vulnerability from cvelistv5
Published
2026-03-04 19:24
Modified
2026-03-11 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-472 - Integer overflow
Summary
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T04:55:55.102173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:13:36.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.159",
"status": "affected",
"version": "145.0.7632.159",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:24:27.351Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/485622239"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3536",
"datePublished": "2026-03-04T19:24:27.351Z",
"dateReserved": "2026-03-04T18:18:27.120Z",
"dateUpdated": "2026-03-11T15:13:36.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0233 (GCVE-0-2026-0233)
Vulnerability from cvelistv5
Published
2026-04-13 07:17
Modified
2026-04-14 13:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Autonomous Digital Experience Manager |
Version: 5.10.0 < 5.10.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:49:27.633758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:49:34.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Autonomous Digital Experience Manager",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.10.14",
"status": "unaffected"
}
],
"lessThan": "5.10.14",
"status": "affected",
"version": "5.10.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:autonomous_digital_experience_manager:*:*:*:*:*:Windows:*:*",
"versionEndExcluding": "5.10.14",
"versionStartIncluding": "5.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Fischer with OBI"
}
],
"datePublic": "2026-04-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges."
}
],
"value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-187",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-187 Malicious Automated Software Update"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T07:17:34.585Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0233"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eAutonomous Digital Experience Manager 5.10 on Windows\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e5.10.0 through 5.10.14\u003c/td\u003e\n \u003ctd\u003eUpgrade to 5.10.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\n\n Autonomous Digital Experience Manager 5.10 on Windows\n\n 5.10.0 through 5.10.14\n Upgrade to 5.10.14 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-08T16:00:00.000Z",
"value": "Initial publication."
},
{
"lang": "en",
"time": "2026-04-08T18:05:00.000Z",
"value": "Corrected the version ranges."
}
],
"title": "Autonomous Digital Experience Manager: Improper validation of ADEM certificate",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0233",
"datePublished": "2026-04-13T07:17:34.585Z",
"dateReserved": "2025-11-03T20:43:54.324Z",
"dateUpdated": "2026-04-14T13:49:34.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3062 (GCVE-0-2026-3062)
Vulnerability from cvelistv5
Published
2026-02-23 22:17
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out of bounds read and write
Summary
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T04:55:31.844397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:10.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "145.0.7632.116",
"status": "affected",
"version": "145.0.7632.116",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read and write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T22:17:18.843Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://issues.chromium.org/issues/483751167"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-3062",
"datePublished": "2026-02-23T22:17:18.843Z",
"dateReserved": "2026-02-23T18:41:53.536Z",
"dateUpdated": "2026-02-26T14:44:10.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…