CVE-2026-0276 PUBLISHED

Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

Assigner: palo_alto
Reserved: 03.11.2025 Published: 09.07.2026 Updated: 10.07.2026

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
CVSS Score: 1.1

Product Status

Vendor Palo Alto Networks
Product Cortex XDR Broker VM
Versions Default: unaffected
  • affected from 20.0.96 to 31.0.58 (excl.)

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

  • Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue finder

References

Problem Types

  • CWE-269 — Improper Privilege Management CWE

Impacts

  • CAPEC-233 Privilege Escalation