{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0234", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:43:55.337Z", "datePublished": "2026-04-13T07:15:03.667Z", "dateUpdated": "2026-04-13T07:15:03.667Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-04-13T07:15:03.667Z"}, "title": "Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration", "datePublic": "2026-04-08T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-475", "descriptions": [{"lang": "en", "value": "CAPEC-475 Signature Spoofing by Improper Validation"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XSOAR Microsoft Teams Marketplace", "versions": [{"status": "affected", "version": "1.5.0", "lessThan": "1.5.52", "changes": [{"at": "1.5.52", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Cortex XSIAM Microsoft Teams Marketplace", "versions": [{"status": "affected", "version": "1.5.0", "lessThan": "1.5.52", "changes": [{"at": "1.5.52", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_microsoft_teams_marketplace:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.5.0", "versionEndExcluding": "1.5.52"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_microsoft_teams_marketplace:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.5.0", "versionEndExcluding": "1.5.52"}]}]}], "descriptions": [{"lang": "en", "value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.&nbsp;</span>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0234", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red"}}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No known workarounds exist for this issue."}]}], "solutions": [{"lang": "eng", "value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XSOAR Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.\n \n Cortex XSIAM Microsoft Teams Marketplace 1.5\n\n 1.5.0 through 1.5.51\n Upgrade to 1.5.52 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Cortex XSOAR Microsoft Teams Marketplace 1.5<br></td>\n <td>1.5.0 through 1.5.51</td>\n <td>Upgrade to 1.5.52 or later.</td>\n </tr><tr>\n <td>Cortex XSIAM Microsoft Teams Marketplace 1.5<br></td>\n <td>1.5.0 through 1.5.51</td>\n <td>Upgrade to 1.5.52 or later.</td>\n </tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-04-08T16:00:00.000Z", "lang": "en", "value": "Initial Publication"}], "credits": [{"lang": "en", "value": "quinn", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Cortex XSOAR Microsoft Teams Marketplace 1.5.0", "Cortex XSOAR Microsoft Teams Marketplace 1.5.1", "Cortex XSOAR Microsoft Teams Marketplace 1.5.2", "Cortex XSOAR Microsoft Teams Marketplace 1.5.3", "Cortex XSOAR Microsoft Teams Marketplace 1.5.4", "Cortex XSOAR Microsoft Teams Marketplace 1.5.5", "Cortex XSOAR Microsoft Teams Marketplace 1.5.6", "Cortex XSOAR Microsoft Teams Marketplace 1.5.7", "Cortex XSOAR Microsoft Teams Marketplace 1.5.8", "Cortex XSOAR Microsoft Teams Marketplace 1.5.9", "Cortex XSOAR Microsoft Teams Marketplace 1.5.10", "Cortex XSOAR Microsoft Teams Marketplace 1.5.11", "Cortex XSOAR Microsoft Teams Marketplace 1.5.12", "Cortex XSOAR Microsoft Teams Marketplace 1.5.13", "Cortex XSOAR Microsoft Teams Marketplace 1.5.14", "Cortex XSOAR Microsoft Teams Marketplace 1.5.15", "Cortex XSOAR Microsoft Teams Marketplace 1.5.16", "Cortex XSOAR Microsoft Teams Marketplace 1.5.17", "Cortex XSOAR Microsoft Teams Marketplace 1.5.18", "Cortex XSOAR Microsoft Teams Marketplace 1.5.19", "Cortex XSOAR Microsoft Teams Marketplace 1.5.20", "Cortex XSOAR Microsoft Teams Marketplace 1.5.21", "Cortex XSOAR Microsoft Teams Marketplace 1.5.22", "Cortex XSOAR Microsoft Teams Marketplace 1.5.23", "Cortex XSOAR Microsoft Teams Marketplace 1.5.24", "Cortex XSOAR Microsoft Teams Marketplace 1.5.25", "Cortex XSOAR Microsoft Teams Marketplace 1.5.26", "Cortex XSOAR Microsoft Teams Marketplace 1.5.27", "Cortex XSOAR Microsoft Teams Marketplace 1.5.28", "Cortex XSOAR Microsoft Teams Marketplace 1.5.29", "Cortex XSOAR Microsoft Teams Marketplace 1.5.30", "Cortex XSOAR Microsoft Teams Marketplace 1.5.31", "Cortex XSOAR Microsoft Teams Marketplace 1.5.32", "Cortex XSOAR Microsoft Teams Marketplace 1.5.33", "Cortex XSOAR Microsoft Teams Marketplace 1.5.34", "Cortex XSOAR Microsoft Teams Marketplace 1.5.35", "Cortex XSOAR Microsoft Teams Marketplace 1.5.36", "Cortex XSOAR Microsoft Teams Marketplace 1.5.37", "Cortex XSOAR Microsoft Teams Marketplace 1.5.38", "Cortex XSOAR Microsoft Teams Marketplace 1.5.39", "Cortex XSOAR Microsoft Teams Marketplace 1.5.40", "Cortex XSOAR Microsoft Teams Marketplace 1.5.41", "Cortex XSOAR Microsoft Teams Marketplace 1.5.42", "Cortex XSOAR Microsoft Teams Marketplace 1.5.43", "Cortex XSOAR Microsoft Teams Marketplace 1.5.44", "Cortex XSOAR Microsoft Teams Marketplace 1.5.45", "Cortex XSOAR Microsoft Teams Marketplace 1.5.46", "Cortex XSOAR Microsoft Teams Marketplace 1.5.47", "Cortex XSOAR Microsoft Teams Marketplace 1.5.48", "Cortex XSOAR Microsoft Teams Marketplace 1.5.49", "Cortex XSOAR Microsoft Teams Marketplace 1.5.50", "Cortex XSOAR Microsoft Teams Marketplace 1.5.51", "Cortex XSIAM Microsoft Teams Marketplace 1.5.0", "Cortex XSIAM Microsoft Teams Marketplace 1.5.1", "Cortex XSIAM Microsoft Teams Marketplace 1.5.2", "Cortex XSIAM Microsoft Teams Marketplace 1.5.3", "Cortex XSIAM Microsoft Teams Marketplace 1.5.4", "Cortex XSIAM Microsoft Teams Marketplace 1.5.5", "Cortex XSIAM Microsoft Teams Marketplace 1.5.6", "Cortex XSIAM Microsoft Teams Marketplace 1.5.7", "Cortex XSIAM Microsoft Teams Marketplace 1.5.8", "Cortex XSIAM Microsoft Teams Marketplace 1.5.9", "Cortex XSIAM Microsoft Teams Marketplace 1.5.10", "Cortex XSIAM Microsoft Teams Marketplace 1.5.11", "Cortex XSIAM Microsoft Teams Marketplace 1.5.12", "Cortex XSIAM Microsoft Teams Marketplace 1.5.13", "Cortex XSIAM Microsoft Teams Marketplace 1.5.14", "Cortex XSIAM Microsoft Teams Marketplace 1.5.15", "Cortex XSIAM Microsoft Teams Marketplace 1.5.16", "Cortex XSIAM Microsoft Teams Marketplace 1.5.17", "Cortex XSIAM Microsoft Teams Marketplace 1.5.18", "Cortex XSIAM Microsoft Teams Marketplace 1.5.19", "Cortex XSIAM Microsoft Teams Marketplace 1.5.20", "Cortex XSIAM Microsoft Teams Marketplace 1.5.21", "Cortex XSIAM Microsoft Teams Marketplace 1.5.22", "Cortex XSIAM Microsoft Teams Marketplace 1.5.23", "Cortex XSIAM Microsoft Teams Marketplace 1.5.24", "Cortex XSIAM Microsoft Teams Marketplace 1.5.25", "Cortex XSIAM Microsoft Teams Marketplace 1.5.26", "Cortex XSIAM Microsoft Teams Marketplace 1.5.27", "Cortex XSIAM Microsoft Teams Marketplace 1.5.28", "Cortex XSIAM Microsoft Teams Marketplace 1.5.29", "Cortex XSIAM Microsoft Teams Marketplace 1.5.30", "Cortex XSIAM Microsoft Teams Marketplace 1.5.31", "Cortex XSIAM Microsoft Teams Marketplace 1.5.32", "Cortex XSIAM Microsoft Teams Marketplace 1.5.33", "Cortex XSIAM Microsoft Teams Marketplace 1.5.34", "Cortex XSIAM Microsoft Teams Marketplace 1.5.35", "Cortex XSIAM Microsoft Teams Marketplace 1.5.36", "Cortex XSIAM Microsoft Teams Marketplace 1.5.37", "Cortex XSIAM Microsoft Teams Marketplace 1.5.38", "Cortex XSIAM Microsoft Teams Marketplace 1.5.39", "Cortex XSIAM Microsoft Teams Marketplace 1.5.40", "Cortex XSIAM Microsoft Teams Marketplace 1.5.41", "Cortex XSIAM Microsoft Teams Marketplace 1.5.42", "Cortex XSIAM Microsoft Teams Marketplace 1.5.43", "Cortex XSIAM Microsoft Teams Marketplace 1.5.44", "Cortex XSIAM Microsoft Teams Marketplace 1.5.45", "Cortex XSIAM Microsoft Teams Marketplace 1.5.46", "Cortex XSIAM Microsoft Teams Marketplace 1.5.47", "Cortex XSIAM Microsoft Teams Marketplace 1.5.48", "Cortex XSIAM Microsoft Teams Marketplace 1.5.49", "Cortex XSIAM Microsoft Teams Marketplace 1.5.50", "Cortex XSIAM Microsoft Teams Marketplace 1.5.51"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources."}], "id": "CVE-2026-0234", "lastModified": "2026-04-13T08:16:22.367", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-04-13T08:16:22.367", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0234"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.5.0,1.5.52)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "1.5.52"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Cortex XSIAM Microsoft Teams Marketplace", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cortex_xsiam_microsoft_teams_marketplace", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.5.0,1.5.52)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "1.5.52"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Cortex XSOAR Microsoft Teams Marketplace", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cortex_xsoar_microsoft_teams_marketplace", "vendor": "palo_alto_networks"}], "created": "2026-04-13T12:36:49.455592+00:00", "updated": "2026-04-13T12:36:49.455706+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$cortex_xsiam_microsoft_teams_marketplace", "palo_alto_networks$PRODUCT$cortex_xsoar_microsoft_teams_marketplace"]}