Vulnerability in Palo Alto Networks Cortex Xsiam Microsoft Teams Marketplace

CVE-2026-0234

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

EPSS: 0.000 (9.2th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cortex Xsiam Microsoft Teams Marketplace — versions 1.5.0
Palo Alto Networks Cortex Xsoar Microsoft Teams Marketplace — versions 1.5.0

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

security.paloaltonetworks.com/CVE-2026-0234 (vendor-advisory)