Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
CVE-2026-0274

8.1HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xsiam Commvaultsecurityiq Marketplace; Cortex Xsoar Commvaultsecurityiq Marketplace
Vendor: CVE Published:; 10 June 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0274?

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

Affected Version(s)

Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0 < 1.2.0

Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0 < 1.2.0

References

https://security.paloaltonetworks.com/CVE-2026-0274

vendor-advisory

CVSS V4

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 10, 2026
Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

our internal security research teams

CVE-2026-0274 Data

JSON