CVE-2026-0234 PUBLISHED

Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

Assigner: palo_alto
Reserved: 03.11.2025 Published: 13.04.2026 Updated: 13.04.2026

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red
CVSS Score: 7.2

Product Status

Vendor Palo Alto Networks
Product Cortex XSOAR Microsoft Teams Marketplace
Versions Default: unaffected
  • affected from 1.5.0 to 1.5.52 (excl.)
Vendor Palo Alto Networks
Product Cortex XSIAM Microsoft Teams Marketplace
Versions Default: unaffected
  • affected from 1.5.0 to 1.5.52 (excl.)

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

  • quinn finder

References

Problem Types

  • CWE-347 Improper Verification of Cryptographic Signature CWE

Impacts

  • CAPEC-475 Signature Spoofing by Improper Validation