PT-2026-31611 · Palo Alto Networks+1 · Cortex Xsoar+2
Quinn
·
Published
2026-04-08
·
Updated
2026-04-25
·
CVE-2026-0234
CVSS v2.0
7.6
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Palo Alto Cortex XSOAR and Cortex XSIAM versions prior to 1.5.52
Description
A flaw in the Microsoft Teams integration for Cortex XSOAR and Cortex XSIAM allows attackers to access and modify sensitive data without authentication. The integration improperly inspects digital passports, enabling attackers to forge signatures and bypass security checks. This does not require a valid username, password, or network privileges.
Recommendations
Update to version 1.5.52 or later.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cortex Xsiam
Cortex Xsoar
Teams