Vulnerability in Palo Alto Networks Cortex Xdr Agent

CVE-2026-0230

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cortex Xdr Agent — versions 9.1.0, 9.0.0, 8.9.0

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

References

security.paloaltonetworks.com/CVE-2026-0230 (vendor-advisory)