Vulnerability in Palo Alto Networks Autonomous Digital Experience Manager

CVE-2026-0233

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Autonomous Digital Experience Manager — versions 5.10.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

security.paloaltonetworks.com/CVE-2026-0233 (vendor-advisory)