Arbitrary Content Injection in Palo Alto Networks Broker VM
CVE-2026-0238

1.1LOW

Key Information:

Vendor: Palo Alto Networks
Status: Broker Vm
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0238?

A vulnerability in the Palo Alto Networks Broker VM permits authenticated administrators to inject arbitrary content into specific fields of the Broker VM. This flaw poses a significant risk as it can lead to unauthorized data manipulation and potential exploitation in the system's environment. It is crucial for users of the affected version to apply security patches to safeguard against possible attacks.

Affected Version(s)

Broker VM 30.0 < 30.0.24

References

https://security.paloaltonetworks.com/CVE-2026-0238

vendor-advisory

CVSS V4

Score:

1.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

This issue was discovered during an internal penetration test.

CVE-2026-0238 Data

JSON