Improper Credential Validation in Commvault SecurityIQ for Cortex XSOAR and Cortex XSIAM
CVE-2026-0274

8.1HIGH

What is CVE-2026-0274?

A vulnerability exists in the Commvault SecurityIQ integration for Cortex XSOAR and Cortex XSIAM that allows an unauthenticated attacker to bypass credential validation controls. This flaw could enable unauthorized access and modification of sensitive resources, leading to potential data breaches and security incidents. Organizations using these integrations should evaluate their security posture and apply necessary mitigations to protect against unauthorized access.

Affected Version(s)

Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0 < 1.2.0

Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0 < 1.2.0

References

CVSS V4

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

our internal security research teams
.