2 vulnerabilities found for Cortex XSOAR CommvaultSecurityIQ Marketplace by Palo Alto Networks
CVE-2026-0274 (GCVE-0-2026-0274)
Vulnerability from nvd – Published: 2026-06-10 21:02 – Updated: 2026-06-12 03:55
Title
Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
Summary
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0274 | vendor-advisory |
Impacted products
2 products
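| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XSIAM CommvaultSecurityIQ Marketplace | Affected: 1.1.0 up to, but not including, 1.2.0 (custom) |
| Palo Alto Networks | Cortex XSOAR CommvaultSecurityIQ Marketplace | Affected: 1.1.0 up to, but not including, 1.2.0 (custom) |

Note: the cpeApplicability entries in the record below give both versionStartIncluding and versionEndExcluding as 1.2.0, which is an empty range; match on the affected range above rather than on those CPE bounds.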
Date Public
2026-06-10 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T03:55:32.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.2.0",
"status": "unaffected"
}
],
"lessThan": "1.2.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cortex XSOAR CommvaultSecurityIQ Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.2.0",
"status": "unaffected"
}
],
"lessThan": "1.2.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-06-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
}
],
"value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T21:02:26.497Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0274"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1 1.1.0 through 1.1.9 Upgrade to 1.2.0 or later.\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1 1.1.0 through 1.1.9 Upgrade to 1.2.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-06-10T16:00:00.000Z",
"value": "Initial Publication."
}
],
"title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0274",
"datePublished": "2026-06-10T21:02:26.497Z",
"dateReserved": "2025-11-03T20:44:33.634Z",
"dateUpdated": "2026-06-12T03:55:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0274 (GCVE-0-2026-0274)
Vulnerability from cvelistv5 – Published: 2026-06-10 21:02 – Updated: 2026-06-12 03:55
Title
Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
Summary
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1390 - Weak Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0274 | vendor-advisory |
Impacted products
2 products
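| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XSIAM CommvaultSecurityIQ Marketplace | Affected: 1.1.0 up to, but not including, 1.2.0 (custom) |
| Palo Alto Networks | Cortex XSOAR CommvaultSecurityIQ Marketplace | Affected: 1.1.0 up to, but not including, 1.2.0 (custom) |

Note: the cpeApplicability entries in the record below give both versionStartIncluding and versionEndExcluding as 1.2.0, which is an empty range; match on the affected range above rather than on those CPE bounds.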
Date Public
2026-06-10 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T03:55:32.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.2.0",
"status": "unaffected"
}
],
"lessThan": "1.2.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cortex XSOAR CommvaultSecurityIQ Marketplace",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1.2.0",
"status": "unaffected"
}
],
"lessThan": "1.2.0",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-06-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
}
],
"value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T21:02:26.497Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0274"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1 1.1.0 through 1.1.9 Upgrade to 1.2.0 or later.\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1 1.1.0 through 1.1.9 Upgrade to 1.2.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-06-10T16:00:00.000Z",
"value": "Initial Publication."
}
],
"title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6",
"Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8",
"Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0274",
"datePublished": "2026-06-10T21:02:26.497Z",
"dateReserved": "2025-11-03T20:44:33.634Z",
"dateUpdated": "2026-06-12T03:55:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}