Information Disclosure Vulnerability in Trust Protection Foundation by Trust Protection Foundation
CVE-2026-0240

4.5MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Trust Protection Foundation
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0240?

An information disclosure vulnerability in Trust Protection Foundation allows authenticated attackers to gain access to sensitive information stored in the server's vault. By exploiting this vulnerability, attackers can impersonate any user within the environment and make arbitrary modifications to configuration settings, posing a significant risk to data integrity and security.

Affected Version(s)

Trust Protection Foundation 25.3.0 < 25.3.3

Trust Protection Foundation 25.1.0 < 25.1.8

Trust Protection Foundation 24.3.0 < 24.3.6

References

https://security.paloaltonetworks.com/CVE-2026-0240

vendor-advisory

CVSS V4

Score:

4.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0240 Data

JSON