Vulnerability in Palo Alto Networks Cortex Xdr Broker Vm

CVE-2026-0231

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration s…

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cortex Xdr Broker Vm — versions 30.0.0

Weakness classification (CWE)

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere

References

security.paloaltonetworks.com/CVE-2026-0231 (vendor-advisory)