Cortex XSOAR: Path Traversal Vulnerability
CVE-2026-0270

4.8MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xsoar
Vendor: CVE Published:; 10 June 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0270?

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

Affected Version(s)

Cortex XSOAR 8.12.0

Cortex XSOAR 8.11.0

Cortex XSOAR 8.10.0

References

https://security.paloaltonetworks.com/CVE-2026-0270

vendor-advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-4559

relatedthird-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 10, 2026
Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks the internal security team for discovering and reporting this issue.

CVE-2026-0270 Data

JSON