Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

8.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

Description

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

Basic Information

ID CVE-2026-0274

Source palo_alto

Published Jun 10, 2026 at 21:02

Affected Product

Vendor Palo Alto Networks

Product Cortex XSIAM CommvaultSecurityIQ Marketplace

Version 1.1.0

Affected Versions Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0
Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0

CWE Classification

CWE-1390

References

security.paloaltonetworks.com /CVE-2026-0274

{
    "lastseen": "",
    "description": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.",
    "published": "2026-06-10T21:02:26.497Z",
    "modified": "2026-06-10T21:02:26.497Z",
    "type": "cve",
    "title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
    "source": "palo_alto",
    "references": "https://security.paloaltonetworks.com/CVE-2026-0274",
    "id": "CVE-2026-0274",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1390"
    ],
    "cvelist": null,
    "sourceData": "Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0\nPalo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
    "version": "1.1.0",
    "vendor": "Palo Alto Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration_CVE-2026-0274