【Vulnerability Alert】Critical Security Vulnerability in Palo Alto Cortex XSIAM / XSOAR (CVE-2026-0234)

• Subject: 【Vulnerability Alert】Critical Security Vulnerability in Palo Alto Cortex XSIAM / XSOAR (CVE-2026-0234)

• Description:
  • Forwarded from TWCERT/CC Security Advisory TWCERTCC-200-202604-00000010.
  • Palo Alto Networks recently released a critical security advisory (CVE-2026-0234, CVSS: 8.8). An improper cryptographic signature vulnerability exists when the Cortex XSOAR and Cortex XSIAM platforms integrate with Microsoft Teams. This allows unauthenticated attackers to access or tamper with protected resources.
• Affected Platforms:
  • Cortex XSIAM Microsoft Teams Marketplace versions prior to 1.5.52
  • Cortex XSOAR Microsoft Teams Marketplace versions prior to 1.5.52
• Recommended Actions:
  • Please update to the following versions:
  • Cortex XSIAM Microsoft Teams Marketplace version 1.5.52 and later
  • Cortex XSOAR Microsoft Teams Marketplace version 1.5.52 and later

* References:

1. https://www.twcert.org.tw/tw/cp-169-10830-9aaae-1.html

Computer and Communication Center
Network Systems Division