{"api_version":"1","generated_at":"2026-04-21T10:24:18+00:00","cve":"CVE-2026-0234","urls":{"html":"https://cve.report/CVE-2026-0234","api":"https://cve.report/api/cve/CVE-2026-0234.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0234","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0234"},"summary":{"title":"Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration","description":"An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-04-13 08:16:22","updated_at":"2026-04-13 15:01:43"},"problem_types":["CWE-347","CWE-347 CWE-347 Improper Verification of Cryptographic Signature"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"7.2","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"7.2","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red","data":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.2,"baseSeverity":"HIGH","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"RED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0234","name":"https://security.paloaltonetworks.com/CVE-2026-0234","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0234","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0234","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Palo Alto Networks","product":"Cortex XSOAR Microsoft Teams Marketplace","version":"affected 1.5.0 1.5.52 custom","platforms":[]},{"source":"CNA","vendor":"Palo Alto Networks","product":"Cortex XSIAM Microsoft Teams Marketplace","version":"affected 1.5.0 1.5.52 custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-08T16:00:00.000Z","lang":"en","value":"Initial Publication"}],"solutions":[{"source":"CNA","title":"","value":"Version\nMinor Version\nSuggested Solution\n\n Cortex XSOAR Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.\n \n Cortex XSIAM Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.","time":"","lang":"eng"}],"workarounds":[{"source":"CNA","title":"","value":"No known workarounds exist for this issue.","time":"","lang":"eng"}],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"quinn","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"234","cve":"CVE-2026-0234","epss":"0.000270000","percentile":"0.073670000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:56"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0234","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-13T13:41:42.790884Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-13T13:42:44.499Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Cortex XSOAR Microsoft Teams Marketplace","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"1.5.52","status":"unaffected"}],"lessThan":"1.5.52","status":"affected","version":"1.5.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"Cortex XSIAM Microsoft Teams Marketplace","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"1.5.52","status":"unaffected"}],"lessThan":"1.5.52","status":"affected","version":"1.5.0","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:cortex_xsoar_microsoft_teams_marketplace:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.52","versionStartIncluding":"1.5.0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:palo_alto_networks:cortex_xsiam_microsoft_teams_marketplace:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.52","versionStartIncluding":"1.5.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"quinn"}],"datePublic":"2026-04-08T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources. "}],"value":"An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-475","descriptions":[{"lang":"en","value":"CAPEC-475 Signature Spoofing by Improper Validation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.2,"baseSeverity":"HIGH","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"RED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-347","description":"CWE-347 Improper Verification of Cryptographic Signature","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-13T07:15:03.667Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2026-0234"}],"solutions":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"\n \n \n \n \n \n \n \n
Version
Minor Version
Suggested Solution
Cortex XSOAR Microsoft Teams Marketplace 1.5
1.5.0 through 1.5.51Upgrade to 1.5.52 or later.
Cortex XSIAM Microsoft Teams Marketplace 1.5
1.5.0 through 1.5.51Upgrade to 1.5.52 or later.
"}],"value":"Version\nMinor Version\nSuggested Solution\n\n Cortex XSOAR Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.\n \n Cortex XSIAM Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later."}],"source":{"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2026-04-08T16:00:00.000Z","value":"Initial Publication"}],"title":"Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration","workarounds":[{"lang":"eng","supportingMedia":[{"base64":false,"type":"text/html","value":"No known workarounds exist for this issue."}],"value":"No known workarounds exist for this issue."}],"x_affectedList":["Cortex XSOAR Microsoft Teams Marketplace 1.5.0","Cortex XSOAR Microsoft Teams Marketplace 1.5.1","Cortex XSOAR Microsoft Teams Marketplace 1.5.2","Cortex XSOAR Microsoft Teams Marketplace 1.5.3","Cortex XSOAR Microsoft Teams Marketplace 1.5.4","Cortex XSOAR Microsoft Teams Marketplace 1.5.5","Cortex XSOAR Microsoft Teams Marketplace 1.5.6","Cortex XSOAR Microsoft Teams Marketplace 1.5.7","Cortex XSOAR Microsoft Teams Marketplace 1.5.8","Cortex XSOAR Microsoft Teams Marketplace 1.5.9","Cortex XSOAR Microsoft Teams Marketplace 1.5.10","Cortex XSOAR Microsoft Teams Marketplace 1.5.11","Cortex XSOAR Microsoft Teams Marketplace 1.5.12","Cortex XSOAR Microsoft Teams Marketplace 1.5.13","Cortex XSOAR Microsoft Teams Marketplace 1.5.14","Cortex XSOAR Microsoft Teams Marketplace 1.5.15","Cortex XSOAR Microsoft Teams Marketplace 1.5.16","Cortex XSOAR Microsoft Teams Marketplace 1.5.17","Cortex XSOAR Microsoft Teams Marketplace 1.5.18","Cortex XSOAR Microsoft Teams Marketplace 1.5.19","Cortex XSOAR Microsoft Teams Marketplace 1.5.20","Cortex XSOAR Microsoft Teams Marketplace 1.5.21","Cortex XSOAR Microsoft Teams Marketplace 1.5.22","Cortex XSOAR Microsoft Teams Marketplace 1.5.23","Cortex XSOAR Microsoft Teams Marketplace 1.5.24","Cortex XSOAR Microsoft Teams Marketplace 1.5.25","Cortex XSOAR Microsoft Teams Marketplace 1.5.26","Cortex XSOAR Microsoft Teams Marketplace 1.5.27","Cortex XSOAR Microsoft Teams Marketplace 1.5.28","Cortex XSOAR Microsoft Teams Marketplace 1.5.29","Cortex XSOAR Microsoft Teams Marketplace 1.5.30","Cortex XSOAR Microsoft Teams Marketplace 1.5.31","Cortex XSOAR Microsoft Teams Marketplace 1.5.32","Cortex XSOAR Microsoft Teams Marketplace 1.5.33","Cortex XSOAR Microsoft Teams Marketplace 1.5.34","Cortex XSOAR Microsoft Teams Marketplace 1.5.35","Cortex XSOAR Microsoft Teams Marketplace 1.5.36","Cortex XSOAR Microsoft Teams Marketplace 1.5.37","Cortex XSOAR Microsoft Teams Marketplace 1.5.38","Cortex XSOAR Microsoft Teams Marketplace 1.5.39","Cortex XSOAR Microsoft Teams Marketplace 1.5.40","Cortex XSOAR Microsoft Teams Marketplace 1.5.41","Cortex XSOAR Microsoft Teams Marketplace 1.5.42","Cortex XSOAR Microsoft Teams Marketplace 1.5.43","Cortex XSOAR Microsoft Teams Marketplace 1.5.44","Cortex XSOAR Microsoft Teams Marketplace 1.5.45","Cortex XSOAR Microsoft Teams Marketplace 1.5.46","Cortex XSOAR Microsoft Teams Marketplace 1.5.47","Cortex XSOAR Microsoft Teams Marketplace 1.5.48","Cortex XSOAR Microsoft Teams Marketplace 1.5.49","Cortex XSOAR Microsoft Teams Marketplace 1.5.50","Cortex XSOAR Microsoft Teams Marketplace 1.5.51","Cortex XSIAM Microsoft Teams Marketplace 1.5.0","Cortex XSIAM Microsoft Teams Marketplace 1.5.1","Cortex XSIAM Microsoft Teams Marketplace 1.5.2","Cortex XSIAM Microsoft Teams Marketplace 1.5.3","Cortex XSIAM Microsoft Teams Marketplace 1.5.4","Cortex XSIAM Microsoft Teams Marketplace 1.5.5","Cortex XSIAM Microsoft Teams Marketplace 1.5.6","Cortex XSIAM Microsoft Teams Marketplace 1.5.7","Cortex XSIAM Microsoft Teams Marketplace 1.5.8","Cortex XSIAM Microsoft Teams Marketplace 1.5.9","Cortex XSIAM Microsoft Teams Marketplace 1.5.10","Cortex XSIAM Microsoft Teams Marketplace 1.5.11","Cortex XSIAM Microsoft Teams Marketplace 1.5.12","Cortex XSIAM Microsoft Teams Marketplace 1.5.13","Cortex XSIAM Microsoft Teams Marketplace 1.5.14","Cortex XSIAM Microsoft Teams Marketplace 1.5.15","Cortex XSIAM Microsoft Teams Marketplace 1.5.16","Cortex XSIAM Microsoft Teams Marketplace 1.5.17","Cortex XSIAM Microsoft Teams Marketplace 1.5.18","Cortex XSIAM Microsoft Teams Marketplace 1.5.19","Cortex XSIAM Microsoft Teams Marketplace 1.5.20","Cortex XSIAM Microsoft Teams Marketplace 1.5.21","Cortex XSIAM Microsoft Teams Marketplace 1.5.22","Cortex XSIAM Microsoft Teams Marketplace 1.5.23","Cortex XSIAM Microsoft Teams Marketplace 1.5.24","Cortex XSIAM Microsoft Teams Marketplace 1.5.25","Cortex XSIAM Microsoft Teams Marketplace 1.5.26","Cortex XSIAM Microsoft Teams Marketplace 1.5.27","Cortex XSIAM Microsoft Teams Marketplace 1.5.28","Cortex XSIAM Microsoft Teams Marketplace 1.5.29","Cortex XSIAM Microsoft Teams Marketplace 1.5.30","Cortex XSIAM Microsoft Teams Marketplace 1.5.31","Cortex XSIAM Microsoft Teams Marketplace 1.5.32","Cortex XSIAM Microsoft Teams Marketplace 1.5.33","Cortex XSIAM Microsoft Teams Marketplace 1.5.34","Cortex XSIAM Microsoft Teams Marketplace 1.5.35","Cortex XSIAM Microsoft Teams Marketplace 1.5.36","Cortex XSIAM Microsoft Teams Marketplace 1.5.37","Cortex XSIAM Microsoft Teams Marketplace 1.5.38","Cortex XSIAM Microsoft Teams Marketplace 1.5.39","Cortex XSIAM Microsoft Teams Marketplace 1.5.40","Cortex XSIAM Microsoft Teams Marketplace 1.5.41","Cortex XSIAM Microsoft Teams Marketplace 1.5.42","Cortex XSIAM Microsoft Teams Marketplace 1.5.43","Cortex XSIAM Microsoft Teams Marketplace 1.5.44","Cortex XSIAM Microsoft Teams Marketplace 1.5.45","Cortex XSIAM Microsoft Teams Marketplace 1.5.46","Cortex XSIAM Microsoft Teams Marketplace 1.5.47","Cortex XSIAM Microsoft Teams Marketplace 1.5.48","Cortex XSIAM Microsoft Teams Marketplace 1.5.49","Cortex XSIAM Microsoft Teams Marketplace 1.5.50","Cortex XSIAM Microsoft Teams Marketplace 1.5.51"],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-0234","datePublished":"2026-04-13T07:15:03.667Z","dateReserved":"2025-11-03T20:43:55.337Z","dateUpdated":"2026-04-13T13:42:44.499Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-13 08:16:22","lastModifiedDate":"2026-04-13 15:01:43","problem_types":["CWE-347","CWE-347 CWE-347 Improper Verification of Cryptographic Signature"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"234","Ordinal":"1","Title":"Cortex XSOAR: Improper Verification of Cryptographic Signature i","CVE":"CVE-2026-0234","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"234","Ordinal":"1","NoteData":"An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.","Type":"Description","Title":"Cortex XSOAR: Improper Verification of Cryptographic Signature i"}]}}}