Search criteria
6 vulnerabilities found for Trust Protection Foundation by Palo Alto Networks
CVE-2026-0242 (GCVE-0-2026-0242)
Vulnerability from nvd – Published: 2026-05-13 19:04 – Updated: 2026-05-15 03:56
VLAI?
Title
Trust Protection Foundation: SQL Injection Vulnerability
Summary
A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0242 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Trust Protection Foundation |
Affected:
25.3.0 , < 25.3.3
(custom)
Affected: 25.1.0 , < 25.1.8 (custom) Affected: 24.3.0 , < 24.3.6 (custom) Affected: 24.1.0 , < 24.1.13 (custom) |
Date Public ?
2026-05-13 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:11.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Trust Protection Foundation",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "25.3.3",
"status": "unaffected"
}
],
"lessThan": "25.3.3",
"status": "affected",
"version": "25.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "25.1.8",
"status": "unaffected"
}
],
"lessThan": "25.1.8",
"status": "affected",
"version": "25.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.3.6",
"status": "unaffected"
}
],
"lessThan": "24.3.6",
"status": "affected",
"version": "24.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.1.13",
"status": "unaffected"
}
],
"lessThan": "24.1.13",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo special configuration is required to be affected by this vulnerability.\u003c/p\u003e"
}
],
"value": "No special configuration is required to be affected by this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.3.3",
"versionStartIncluding": "25.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.8",
"versionStartIncluding": "25.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.3.6",
"versionStartIncluding": "24.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.13",
"versionStartIncluding": "24.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.\u003c/p\u003e"
}
],
"value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:04:52.841Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0242"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003e\u0026nbsp;Minor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.3.0 through 25.3.2\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.1.0 through 25.1.7\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.3.0 through 24.3.5\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.1.0 through 24.1.12\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later.\nAll older versions Upgrade to a supported fixed version."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Trust Protection Foundation: SQL Injection Vulnerability",
"x_affectedList": [
"Trust Protection Foundation 25.3.0",
"Trust Protection Foundation 25.3.1",
"Trust Protection Foundation 25.3.2",
"Trust Protection Foundation 25.1.0",
"Trust Protection Foundation 25.1.1",
"Trust Protection Foundation 25.1.2",
"Trust Protection Foundation 25.1.3",
"Trust Protection Foundation 25.1.4",
"Trust Protection Foundation 25.1.5",
"Trust Protection Foundation 25.1.6",
"Trust Protection Foundation 25.1.7",
"Trust Protection Foundation 24.3.0",
"Trust Protection Foundation 24.3.1",
"Trust Protection Foundation 24.3.2",
"Trust Protection Foundation 24.3.3",
"Trust Protection Foundation 24.3.4",
"Trust Protection Foundation 24.3.5",
"Trust Protection Foundation 24.1.0",
"Trust Protection Foundation 24.1.1",
"Trust Protection Foundation 24.1.2",
"Trust Protection Foundation 24.1.3",
"Trust Protection Foundation 24.1.4",
"Trust Protection Foundation 24.1.5",
"Trust Protection Foundation 24.1.6",
"Trust Protection Foundation 24.1.7",
"Trust Protection Foundation 24.1.8",
"Trust Protection Foundation 24.1.9",
"Trust Protection Foundation 24.1.10",
"Trust Protection Foundation 24.1.11",
"Trust Protection Foundation 24.1.12"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0242",
"datePublished": "2026-05-13T19:04:52.841Z",
"dateReserved": "2025-11-03T20:44:03.175Z",
"dateUpdated": "2026-05-15T03:56:11.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0241 (GCVE-0-2026-0241)
Vulnerability from nvd – Published: 2026-05-13 19:01 – Updated: 2026-05-13 19:30
VLAI?
Title
Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities
Summary
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0241 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Trust Protection Foundation |
Affected:
25.3.0 , < 25.3.3
(custom)
Affected: 25.1.0 , < 25.1.8 (custom) Affected: 24.3.0 , < 24.3.6 (custom) Affected: 24.1.0 , < 24.1.13 (custom) |
Date Public ?
2026-05-13 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T19:16:03.842883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:30:09.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Trust Protection Foundation",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "25.3.3",
"status": "unaffected"
}
],
"lessThan": "25.3.3",
"status": "affected",
"version": "25.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "25.1.8",
"status": "unaffected"
}
],
"lessThan": "25.1.8",
"status": "affected",
"version": "25.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.3.6",
"status": "unaffected"
}
],
"lessThan": "24.3.6",
"status": "affected",
"version": "24.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.1.13",
"status": "unaffected"
}
],
"lessThan": "24.1.13",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
}
],
"value": "No specific configuration is required for exposure to this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.3.3",
"versionStartIncluding": "25.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.8",
"versionStartIncluding": "25.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.3.6",
"versionStartIncluding": "24.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.13",
"versionStartIncluding": "24.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:01:24.094Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0241"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
}
],
"value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Trust Protection Foundation 25.3.0",
"Trust Protection Foundation 25.3.1",
"Trust Protection Foundation 25.3.2",
"Trust Protection Foundation 25.1.0",
"Trust Protection Foundation 25.1.1",
"Trust Protection Foundation 25.1.2",
"Trust Protection Foundation 25.1.3",
"Trust Protection Foundation 25.1.4",
"Trust Protection Foundation 25.1.5",
"Trust Protection Foundation 25.1.6",
"Trust Protection Foundation 25.1.7",
"Trust Protection Foundation 24.3.0",
"Trust Protection Foundation 24.3.1",
"Trust Protection Foundation 24.3.2",
"Trust Protection Foundation 24.3.3",
"Trust Protection Foundation 24.3.4",
"Trust Protection Foundation 24.3.5",
"Trust Protection Foundation 24.1.0",
"Trust Protection Foundation 24.1.1",
"Trust Protection Foundation 24.1.2",
"Trust Protection Foundation 24.1.3",
"Trust Protection Foundation 24.1.4",
"Trust Protection Foundation 24.1.5",
"Trust Protection Foundation 24.1.6",
"Trust Protection Foundation 24.1.7",
"Trust Protection Foundation 24.1.8",
"Trust Protection Foundation 24.1.9",
"Trust Protection Foundation 24.1.10",
"Trust Protection Foundation 24.1.11",
"Trust Protection Foundation 24.1.12"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0241",
"datePublished": "2026-05-13T19:01:24.094Z",
"dateReserved": "2025-11-03T20:44:02.327Z",
"dateUpdated": "2026-05-13T19:30:09.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0240 (GCVE-0-2026-0240)
Vulnerability from nvd – Published: 2026-05-13 18:54 – Updated: 2026-05-15 09:56
VLAI?
Title
Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
Summary
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0240 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Trust Protection Foundation |
Affected:
25.3.0 , < 25.3.3
(custom)
Affected: 25.1.0 , < 25.1.8 (custom) Affected: 24.3.0 , < 24.3.6 (custom) Affected: 24.1.0 , < 24.1.13 (custom) |
Date Public ?
2026-05-13 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T03:56:11.417596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T09:56:36.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Trust Protection Foundation",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "25.3.3",
"status": "unaffected"
}
],
"lessThan": "25.3.3",
"status": "affected",
"version": "25.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "25.1.8",
"status": "unaffected"
}
],
"lessThan": "25.1.8",
"status": "affected",
"version": "25.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.3.6",
"status": "unaffected"
}
],
"lessThan": "24.3.6",
"status": "affected",
"version": "24.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.1.13",
"status": "unaffected"
}
],
"lessThan": "24.1.13",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
}
],
"value": "No specific configuration is required for exposure to this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.3.3",
"versionStartIncluding": "25.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.8",
"versionStartIncluding": "25.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.3.6",
"versionStartIncluding": "24.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.13",
"versionStartIncluding": "24.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.\u003c/p\u003e"
}
],
"value": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:54:07.294Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0240"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
}
],
"value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Trust Protection Foundation: Sensitive Information Disclosure Vulnerability",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Trust Protection Foundation 25.3.0",
"Trust Protection Foundation 25.3.1",
"Trust Protection Foundation 25.3.2",
"Trust Protection Foundation 25.1.0",
"Trust Protection Foundation 25.1.1",
"Trust Protection Foundation 25.1.2",
"Trust Protection Foundation 25.1.3",
"Trust Protection Foundation 25.1.4",
"Trust Protection Foundation 25.1.5",
"Trust Protection Foundation 25.1.6",
"Trust Protection Foundation 25.1.7",
"Trust Protection Foundation 24.3.0",
"Trust Protection Foundation 24.3.1",
"Trust Protection Foundation 24.3.2",
"Trust Protection Foundation 24.3.3",
"Trust Protection Foundation 24.3.4",
"Trust Protection Foundation 24.3.5",
"Trust Protection Foundation 24.1.0",
"Trust Protection Foundation 24.1.1",
"Trust Protection Foundation 24.1.2",
"Trust Protection Foundation 24.1.3",
"Trust Protection Foundation 24.1.4",
"Trust Protection Foundation 24.1.5",
"Trust Protection Foundation 24.1.6",
"Trust Protection Foundation 24.1.7",
"Trust Protection Foundation 24.1.8",
"Trust Protection Foundation 24.1.9",
"Trust Protection Foundation 24.1.10",
"Trust Protection Foundation 24.1.11",
"Trust Protection Foundation 24.1.12"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0240",
"datePublished": "2026-05-13T18:54:07.294Z",
"dateReserved": "2025-11-03T20:44:01.023Z",
"dateUpdated": "2026-05-15T09:56:36.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0242 (GCVE-0-2026-0242)
Vulnerability from cvelistv5 – Published: 2026-05-13 19:04 – Updated: 2026-05-15 03:56
VLAI?
Title
Trust Protection Foundation: SQL Injection Vulnerability
Summary
A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0242 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Trust Protection Foundation |
Affected:
25.3.0 , < 25.3.3
(custom)
Affected: 25.1.0 , < 25.1.8 (custom) Affected: 24.3.0 , < 24.3.6 (custom) Affected: 24.1.0 , < 24.1.13 (custom) |
Date Public ?
2026-05-13 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:11.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Trust Protection Foundation",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "25.3.3",
"status": "unaffected"
}
],
"lessThan": "25.3.3",
"status": "affected",
"version": "25.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "25.1.8",
"status": "unaffected"
}
],
"lessThan": "25.1.8",
"status": "affected",
"version": "25.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.3.6",
"status": "unaffected"
}
],
"lessThan": "24.3.6",
"status": "affected",
"version": "24.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.1.13",
"status": "unaffected"
}
],
"lessThan": "24.1.13",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo special configuration is required to be affected by this vulnerability.\u003c/p\u003e"
}
],
"value": "No special configuration is required to be affected by this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.3.3",
"versionStartIncluding": "25.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.8",
"versionStartIncluding": "25.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.3.6",
"versionStartIncluding": "24.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.13",
"versionStartIncluding": "24.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.\u003c/p\u003e"
}
],
"value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:04:52.841Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0242"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003e\u0026nbsp;Minor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.3.0 through 25.3.2\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.1.0 through 25.1.7\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.3.0 through 24.3.5\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.1.0 through 24.1.12\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later.\nAll older versions Upgrade to a supported fixed version."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Trust Protection Foundation: SQL Injection Vulnerability",
"x_affectedList": [
"Trust Protection Foundation 25.3.0",
"Trust Protection Foundation 25.3.1",
"Trust Protection Foundation 25.3.2",
"Trust Protection Foundation 25.1.0",
"Trust Protection Foundation 25.1.1",
"Trust Protection Foundation 25.1.2",
"Trust Protection Foundation 25.1.3",
"Trust Protection Foundation 25.1.4",
"Trust Protection Foundation 25.1.5",
"Trust Protection Foundation 25.1.6",
"Trust Protection Foundation 25.1.7",
"Trust Protection Foundation 24.3.0",
"Trust Protection Foundation 24.3.1",
"Trust Protection Foundation 24.3.2",
"Trust Protection Foundation 24.3.3",
"Trust Protection Foundation 24.3.4",
"Trust Protection Foundation 24.3.5",
"Trust Protection Foundation 24.1.0",
"Trust Protection Foundation 24.1.1",
"Trust Protection Foundation 24.1.2",
"Trust Protection Foundation 24.1.3",
"Trust Protection Foundation 24.1.4",
"Trust Protection Foundation 24.1.5",
"Trust Protection Foundation 24.1.6",
"Trust Protection Foundation 24.1.7",
"Trust Protection Foundation 24.1.8",
"Trust Protection Foundation 24.1.9",
"Trust Protection Foundation 24.1.10",
"Trust Protection Foundation 24.1.11",
"Trust Protection Foundation 24.1.12"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0242",
"datePublished": "2026-05-13T19:04:52.841Z",
"dateReserved": "2025-11-03T20:44:03.175Z",
"dateUpdated": "2026-05-15T03:56:11.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0241 (GCVE-0-2026-0241)
Vulnerability from cvelistv5 – Published: 2026-05-13 19:01 – Updated: 2026-05-13 19:30
VLAI?
Title
Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities
Summary
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0241 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Trust Protection Foundation |
Affected:
25.3.0 , < 25.3.3
(custom)
Affected: 25.1.0 , < 25.1.8 (custom) Affected: 24.3.0 , < 24.3.6 (custom) Affected: 24.1.0 , < 24.1.13 (custom) |
Date Public ?
2026-05-13 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T19:16:03.842883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:30:09.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Trust Protection Foundation",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "25.3.3",
"status": "unaffected"
}
],
"lessThan": "25.3.3",
"status": "affected",
"version": "25.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "25.1.8",
"status": "unaffected"
}
],
"lessThan": "25.1.8",
"status": "affected",
"version": "25.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.3.6",
"status": "unaffected"
}
],
"lessThan": "24.3.6",
"status": "affected",
"version": "24.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.1.13",
"status": "unaffected"
}
],
"lessThan": "24.1.13",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
}
],
"value": "No specific configuration is required for exposure to this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.3.3",
"versionStartIncluding": "25.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.8",
"versionStartIncluding": "25.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.3.6",
"versionStartIncluding": "24.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.13",
"versionStartIncluding": "24.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T19:01:24.094Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0241"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
}
],
"value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Trust Protection Foundation 25.3.0",
"Trust Protection Foundation 25.3.1",
"Trust Protection Foundation 25.3.2",
"Trust Protection Foundation 25.1.0",
"Trust Protection Foundation 25.1.1",
"Trust Protection Foundation 25.1.2",
"Trust Protection Foundation 25.1.3",
"Trust Protection Foundation 25.1.4",
"Trust Protection Foundation 25.1.5",
"Trust Protection Foundation 25.1.6",
"Trust Protection Foundation 25.1.7",
"Trust Protection Foundation 24.3.0",
"Trust Protection Foundation 24.3.1",
"Trust Protection Foundation 24.3.2",
"Trust Protection Foundation 24.3.3",
"Trust Protection Foundation 24.3.4",
"Trust Protection Foundation 24.3.5",
"Trust Protection Foundation 24.1.0",
"Trust Protection Foundation 24.1.1",
"Trust Protection Foundation 24.1.2",
"Trust Protection Foundation 24.1.3",
"Trust Protection Foundation 24.1.4",
"Trust Protection Foundation 24.1.5",
"Trust Protection Foundation 24.1.6",
"Trust Protection Foundation 24.1.7",
"Trust Protection Foundation 24.1.8",
"Trust Protection Foundation 24.1.9",
"Trust Protection Foundation 24.1.10",
"Trust Protection Foundation 24.1.11",
"Trust Protection Foundation 24.1.12"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0241",
"datePublished": "2026-05-13T19:01:24.094Z",
"dateReserved": "2025-11-03T20:44:02.327Z",
"dateUpdated": "2026-05-13T19:30:09.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0240 (GCVE-0-2026-0240)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:54 – Updated: 2026-05-15 09:56
VLAI?
Title
Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
Summary
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0240 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Trust Protection Foundation |
Affected:
25.3.0 , < 25.3.3
(custom)
Affected: 25.1.0 , < 25.1.8 (custom) Affected: 24.3.0 , < 24.3.6 (custom) Affected: 24.1.0 , < 24.1.13 (custom) |
Date Public ?
2026-05-13 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T03:56:11.417596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T09:56:36.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Trust Protection Foundation",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "25.3.3",
"status": "unaffected"
}
],
"lessThan": "25.3.3",
"status": "affected",
"version": "25.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "25.1.8",
"status": "unaffected"
}
],
"lessThan": "25.1.8",
"status": "affected",
"version": "25.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.3.6",
"status": "unaffected"
}
],
"lessThan": "24.3.6",
"status": "affected",
"version": "24.3.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "24.1.13",
"status": "unaffected"
}
],
"lessThan": "24.1.13",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
}
],
"value": "No specific configuration is required for exposure to this vulnerability."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.3.3",
"versionStartIncluding": "25.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.8",
"versionStartIncluding": "25.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.3.6",
"versionStartIncluding": "24.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.1.13",
"versionStartIncluding": "24.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.\u003c/p\u003e"
}
],
"value": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:54:07.294Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0240"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
}
],
"value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "Trust Protection Foundation: Sensitive Information Disclosure Vulnerability",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Trust Protection Foundation 25.3.0",
"Trust Protection Foundation 25.3.1",
"Trust Protection Foundation 25.3.2",
"Trust Protection Foundation 25.1.0",
"Trust Protection Foundation 25.1.1",
"Trust Protection Foundation 25.1.2",
"Trust Protection Foundation 25.1.3",
"Trust Protection Foundation 25.1.4",
"Trust Protection Foundation 25.1.5",
"Trust Protection Foundation 25.1.6",
"Trust Protection Foundation 25.1.7",
"Trust Protection Foundation 24.3.0",
"Trust Protection Foundation 24.3.1",
"Trust Protection Foundation 24.3.2",
"Trust Protection Foundation 24.3.3",
"Trust Protection Foundation 24.3.4",
"Trust Protection Foundation 24.3.5",
"Trust Protection Foundation 24.1.0",
"Trust Protection Foundation 24.1.1",
"Trust Protection Foundation 24.1.2",
"Trust Protection Foundation 24.1.3",
"Trust Protection Foundation 24.1.4",
"Trust Protection Foundation 24.1.5",
"Trust Protection Foundation 24.1.6",
"Trust Protection Foundation 24.1.7",
"Trust Protection Foundation 24.1.8",
"Trust Protection Foundation 24.1.9",
"Trust Protection Foundation 24.1.10",
"Trust Protection Foundation 24.1.11",
"Trust Protection Foundation 24.1.12"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0240",
"datePublished": "2026-05-13T18:54:07.294Z",
"dateReserved": "2025-11-03T20:44:01.023Z",
"dateUpdated": "2026-05-15T09:56:36.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}