Trust Protection Foundation: Sensitive Information Disclosure Vulnerability_CVE-2026-0240

4.5 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Description

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.

Basic Information

ID CVE-2026-0240

Source palo_alto

Published May 13, 2026 at 18:54

Modified May 13, 2026 at 19:30

Affected Product

Vendor Palo Alto Networks

Product Trust Protection Foundation

Version 25.3.0

Affected Versions Palo Alto Networks Trust Protection Foundation 25.3.0
Palo Alto Networks Trust Protection Foundation 25.1.0
Palo Alto Networks Trust Protection Foundation 24.3.0
Palo Alto Networks Trust Protection Foundation 24.1.0

CWE Classification

CWE-497

References

security.paloaltonetworks.com /CVE-2026-0240

{
    "lastseen": "",
    "description": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.",
    "published": "2026-05-13T18:54:07.294Z",
    "modified": "2026-05-13T19:30:36.864Z",
    "type": "cve",
    "title": "Trust Protection Foundation: Sensitive Information Disclosure Vulnerability",
    "source": "palo_alto",
    "references": "https://security.paloaltonetworks.com/CVE-2026-0240",
    "id": "CVE-2026-0240",
    "bulletinFamily": "",
    "cwe": [
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "Palo Alto Networks Trust Protection Foundation 25.3.0\nPalo Alto Networks Trust Protection Foundation 25.1.0\nPalo Alto Networks Trust Protection Foundation 24.3.0\nPalo Alto Networks Trust Protection Foundation 24.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.5,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Trust Protection Foundation",
    "version": "25.3.0",
    "vendor": "Palo Alto Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}