Cortex XDR Agent: Local Administrator can disable the agent on...

4 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.

Basic Information

ID CVE-2026-0232

Source palo_alto

Published Apr 13, 2026 at 07:22

Affected Product

Vendor Palo Alto Networks

Product Cortex XDR Agent

Version 9.1.0

Affected Versions Palo Alto Networks Cortex XDR Agent 9.0
Palo Alto Networks Cortex XDR Agent 8.9
Palo Alto Networks Cortex XDR Agent 8.7-CE
Palo Alto Networks Cortex XDR Agent 8.3-CE
Palo Alto Networks Cortex XDR Agent 7.9-CE

CWE Classification

CWE-15

References

security.paloaltonetworks.com /CVE-2026-0232

{
    "lastseen": "",
    "description": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.\u00a0This issue may be leveraged by malware to perform malicious activity without detection.",
    "published": "2026-04-13T07:22:48.325Z",
    "modified": "2026-04-13T07:22:48.325Z",
    "type": "cve",
    "title": "Cortex XDR Agent: Local Administrator can disable the agent on Windows",
    "source": "palo_alto",
    "references": "https://security.paloaltonetworks.com/CVE-2026-0232",
    "id": "CVE-2026-0232",
    "bulletinFamily": "",
    "cwe": [
        "CWE-15"
    ],
    "cvelist": null,
    "sourceData": "Palo Alto Networks Cortex XDR Agent 9.0\nPalo Alto Networks Cortex XDR Agent 8.9\nPalo Alto Networks Cortex XDR Agent 8.7-CE\nPalo Alto Networks Cortex XDR Agent 8.3-CE\nPalo Alto Networks Cortex XDR Agent 7.9-CE",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cortex XDR Agent",
    "version": "9.1.0",
    "vendor": "Palo Alto Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cortex XDR Agent: Local Administrator can disable the agent on Windows_CVE-2026-0232