Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams...

7.2 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

Basic Information

ID CVE-2026-0234

Source palo_alto

Published Apr 13, 2026 at 07:15

Affected Product

Vendor Palo Alto Networks

Product Cortex XSOAR Microsoft Teams Marketplace

Version 1.5.0

Affected Versions Palo Alto Networks Cortex XSOAR Microsoft Teams Marketplace 1.5.0
Palo Alto Networks Cortex XSIAM Microsoft Teams Marketplace 1.5.0

CWE Classification

CWE-347

References

security.paloaltonetworks.com /CVE-2026-0234

{
    "lastseen": "",
    "description": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.",
    "published": "2026-04-13T07:15:03.667Z",
    "modified": "2026-04-13T07:15:03.667Z",
    "type": "cve",
    "title": "Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration",
    "source": "palo_alto",
    "references": "https://security.paloaltonetworks.com/CVE-2026-0234",
    "id": "CVE-2026-0234",
    "bulletinFamily": "",
    "cwe": [
        "CWE-347"
    ],
    "cvelist": null,
    "sourceData": "Palo Alto Networks Cortex XSOAR Microsoft Teams Marketplace 1.5.0\nPalo Alto Networks Cortex XSIAM Microsoft Teams Marketplace 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cortex XSOAR Microsoft Teams Marketplace",
    "version": "1.5.0",
    "vendor": "Palo Alto Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration_CVE-2026-0234