Date: 2026/04/28
Post Date: 2026/04/28

【Vulnerability Alert】Critical Security Vulnerability in Palo Alto Cortex XSIAM / XSOAR (CVE-2026-0234)

  • Subject: 【Vulnerability Alert】Critical Security Vulnerability in Palo Alto Cortex XSIAM / XSOAR (CVE-2026-0234)


  • Description:
    • Forwarded from TWCERT/CC Security Advisory TWCERTCC-200-202604-00000010.
    • Palo Alto Networks recently released a critical security advisory (CVE-2026-0234, CVSS: 8.8). An improper cryptographic signature vulnerability exists when the Cortex XSOAR and Cortex XSIAM platforms integrate with Microsoft Teams. This allows unauthenticated attackers to access or tamper with protected resources.
  • Affected Platforms:
    • Cortex XSIAM Microsoft Teams Marketplace versions prior to 1.5.52
    • Cortex XSOAR Microsoft Teams Marketplace versions prior to 1.5.52
  • Recommended Actions:
    • Please update to the following versions:
    • Cortex XSIAM Microsoft Teams Marketplace version 1.5.52 and later
    • Cortex XSOAR Microsoft Teams Marketplace version 1.5.52 and later

* References:

  1. https://www.twcert.org.tw/tw/cp-169-10830-9aaae-1.html

Computer and Communication Center
Network Systems Division