Path Traversal Vulnerability in Palo Alto Networks Cortex XSOAR Engine Software
CVE-2026-0270

4.8MEDIUM

Key Information:

Vendor
CVE Published:
10 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-0270?

A path traversal vulnerability exists in the Palo Alto Networks Cortex XSOAR engine software operating on Linux systems. This flaw enables unauthenticated attackers on an adjacent network, with capabilities to intercept and alter network response traffic through a man-in-the-middle (MITM) attack. The vulnerability allows these attackers to write arbitrary files to the host, potentially compromising the system's integrity and data security.

Affected Version(s)

Cortex XSOAR 8.12.0

Cortex XSOAR 8.11.0

Cortex XSOAR 8.10.0

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks the internal security team for discovering and reporting this issue.
.