Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Trust Protection Foundation by Palo Alto Networks

    CVE-2026-0242 (GCVE-0-2026-0242)

    Vulnerability from nvd – Published: 2026-05-13 19:04 – Updated: 2026-05-15 03:56
    VLAI
    Title
    Trust Protection Foundation: SQL Injection Vulnerability
    Summary
    A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Trust Protection Foundation Affected: 25.3.0 , < 25.3.3 (custom)
    Affected: 25.1.0 , < 25.1.8 (custom)
    Affected: 24.3.0 , < 24.3.6 (custom)
    Affected: 24.1.0 , < 24.1.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T03:56:11.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Trust Protection Foundation",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "25.3.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.3.3",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "25.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1.8",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.3.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.1.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo special configuration is required to be affected by this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "No special configuration is required to be affected by this vulnerability."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.3",
                      "versionStartIncluding": "25.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.1.8",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.1.13",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-05-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.\u003c/p\u003e"
                }
              ],
              "value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:04:52.841Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0242"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003e\u0026nbsp;Minor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.3.0 through 25.3.2\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.1.0 through 25.1.7\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.3.0 through 24.3.5\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.1.0 through 24.1.12\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version                             Minor Version            Suggested Solution\nTrust Protection Foundation 25.3    25.3.0 through 25.3.2    Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1    25.1.0 through 25.1.7    Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3    24.3.0 through 24.3.5    Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1    24.1.0 through 24.1.12   Upgrade to 24.1.13 or later.\nAll older versions                                           Upgrade to a supported fixed version."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Trust Protection Foundation: SQL Injection Vulnerability",
          "x_affectedList": [
            "Trust Protection Foundation 25.3.0",
            "Trust Protection Foundation 25.3.1",
            "Trust Protection Foundation 25.3.2",
            "Trust Protection Foundation 25.1.0",
            "Trust Protection Foundation 25.1.1",
            "Trust Protection Foundation 25.1.2",
            "Trust Protection Foundation 25.1.3",
            "Trust Protection Foundation 25.1.4",
            "Trust Protection Foundation 25.1.5",
            "Trust Protection Foundation 25.1.6",
            "Trust Protection Foundation 25.1.7",
            "Trust Protection Foundation 24.3.0",
            "Trust Protection Foundation 24.3.1",
            "Trust Protection Foundation 24.3.2",
            "Trust Protection Foundation 24.3.3",
            "Trust Protection Foundation 24.3.4",
            "Trust Protection Foundation 24.3.5",
            "Trust Protection Foundation 24.1.0",
            "Trust Protection Foundation 24.1.1",
            "Trust Protection Foundation 24.1.2",
            "Trust Protection Foundation 24.1.3",
            "Trust Protection Foundation 24.1.4",
            "Trust Protection Foundation 24.1.5",
            "Trust Protection Foundation 24.1.6",
            "Trust Protection Foundation 24.1.7",
            "Trust Protection Foundation 24.1.8",
            "Trust Protection Foundation 24.1.9",
            "Trust Protection Foundation 24.1.10",
            "Trust Protection Foundation 24.1.11",
            "Trust Protection Foundation 24.1.12"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0242",
        "datePublished": "2026-05-13T19:04:52.841Z",
        "dateReserved": "2025-11-03T20:44:03.175Z",
        "dateUpdated": "2026-05-15T03:56:11.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0241 (GCVE-0-2026-0241)

    Vulnerability from nvd – Published: 2026-05-13 19:01 – Updated: 2026-05-13 19:30
    VLAI
    Title
    Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities
    Summary
    Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Trust Protection Foundation Affected: 25.3.0 , < 25.3.3 (custom)
    Affected: 25.1.0 , < 25.1.8 (custom)
    Affected: 24.3.0 , < 24.3.6 (custom)
    Affected: 24.1.0 , < 24.1.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:16:03.842883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:30:09.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Trust Protection Foundation",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "25.3.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.3.3",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "25.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1.8",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.3.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.1.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "No specific configuration is required for exposure to this vulnerability."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.3",
                      "versionStartIncluding": "25.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.1.8",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.1.13",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-05-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIncorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:01:24.094Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0241"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version  Minor Version  Suggested Solution\nTrust Protection Foundation 25.3  25.3.0 through 25.3.2  Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1  25.1.0 through 25.1.7  Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3  24.3.0 through 24.3.5  Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1  24.1.0 through 24.1.12  Upgrade to 24.1.13 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Trust Protection Foundation 25.3.0",
            "Trust Protection Foundation 25.3.1",
            "Trust Protection Foundation 25.3.2",
            "Trust Protection Foundation 25.1.0",
            "Trust Protection Foundation 25.1.1",
            "Trust Protection Foundation 25.1.2",
            "Trust Protection Foundation 25.1.3",
            "Trust Protection Foundation 25.1.4",
            "Trust Protection Foundation 25.1.5",
            "Trust Protection Foundation 25.1.6",
            "Trust Protection Foundation 25.1.7",
            "Trust Protection Foundation 24.3.0",
            "Trust Protection Foundation 24.3.1",
            "Trust Protection Foundation 24.3.2",
            "Trust Protection Foundation 24.3.3",
            "Trust Protection Foundation 24.3.4",
            "Trust Protection Foundation 24.3.5",
            "Trust Protection Foundation 24.1.0",
            "Trust Protection Foundation 24.1.1",
            "Trust Protection Foundation 24.1.2",
            "Trust Protection Foundation 24.1.3",
            "Trust Protection Foundation 24.1.4",
            "Trust Protection Foundation 24.1.5",
            "Trust Protection Foundation 24.1.6",
            "Trust Protection Foundation 24.1.7",
            "Trust Protection Foundation 24.1.8",
            "Trust Protection Foundation 24.1.9",
            "Trust Protection Foundation 24.1.10",
            "Trust Protection Foundation 24.1.11",
            "Trust Protection Foundation 24.1.12"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0241",
        "datePublished": "2026-05-13T19:01:24.094Z",
        "dateReserved": "2025-11-03T20:44:02.327Z",
        "dateUpdated": "2026-05-13T19:30:09.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0240 (GCVE-0-2026-0240)

    Vulnerability from nvd – Published: 2026-05-13 18:54 – Updated: 2026-05-15 09:56
    VLAI
    Title
    Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
    Summary
    An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Trust Protection Foundation Affected: 25.3.0 , < 25.3.3 (custom)
    Affected: 25.1.0 , < 25.1.8 (custom)
    Affected: 24.3.0 , < 24.3.6 (custom)
    Affected: 24.1.0 , < 24.1.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T03:56:11.417596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T09:56:36.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Trust Protection Foundation",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "25.3.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.3.3",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "25.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1.8",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.3.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.1.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "No specific configuration is required for exposure to this vulnerability."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.3",
                      "versionStartIncluding": "25.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.1.8",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.1.13",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-05-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T18:54:07.294Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0240"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version  Minor Version  Suggested Solution\nTrust Protection Foundation 25.3  25.3.0 through 25.3.2  Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1  25.1.0 through 25.1.7  Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3  24.3.0 through 24.3.5  Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1  24.1.0 through 24.1.12  Upgrade to 24.1.13 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Trust Protection Foundation: Sensitive Information Disclosure Vulnerability",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Trust Protection Foundation 25.3.0",
            "Trust Protection Foundation 25.3.1",
            "Trust Protection Foundation 25.3.2",
            "Trust Protection Foundation 25.1.0",
            "Trust Protection Foundation 25.1.1",
            "Trust Protection Foundation 25.1.2",
            "Trust Protection Foundation 25.1.3",
            "Trust Protection Foundation 25.1.4",
            "Trust Protection Foundation 25.1.5",
            "Trust Protection Foundation 25.1.6",
            "Trust Protection Foundation 25.1.7",
            "Trust Protection Foundation 24.3.0",
            "Trust Protection Foundation 24.3.1",
            "Trust Protection Foundation 24.3.2",
            "Trust Protection Foundation 24.3.3",
            "Trust Protection Foundation 24.3.4",
            "Trust Protection Foundation 24.3.5",
            "Trust Protection Foundation 24.1.0",
            "Trust Protection Foundation 24.1.1",
            "Trust Protection Foundation 24.1.2",
            "Trust Protection Foundation 24.1.3",
            "Trust Protection Foundation 24.1.4",
            "Trust Protection Foundation 24.1.5",
            "Trust Protection Foundation 24.1.6",
            "Trust Protection Foundation 24.1.7",
            "Trust Protection Foundation 24.1.8",
            "Trust Protection Foundation 24.1.9",
            "Trust Protection Foundation 24.1.10",
            "Trust Protection Foundation 24.1.11",
            "Trust Protection Foundation 24.1.12"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0240",
        "datePublished": "2026-05-13T18:54:07.294Z",
        "dateReserved": "2025-11-03T20:44:01.023Z",
        "dateUpdated": "2026-05-15T09:56:36.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0242 (GCVE-0-2026-0242)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:04 – Updated: 2026-05-15 03:56
    VLAI
    Title
    Trust Protection Foundation: SQL Injection Vulnerability
    Summary
    A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Trust Protection Foundation Affected: 25.3.0 , < 25.3.3 (custom)
    Affected: 25.1.0 , < 25.1.8 (custom)
    Affected: 24.3.0 , < 24.3.6 (custom)
    Affected: 24.1.0 , < 24.1.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T03:56:11.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Trust Protection Foundation",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "25.3.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.3.3",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "25.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1.8",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.3.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.1.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo special configuration is required to be affected by this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "No special configuration is required to be affected by this vulnerability."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.3",
                      "versionStartIncluding": "25.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.1.8",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.1.13",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-05-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.\u003c/p\u003e"
                }
              ],
              "value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:04:52.841Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0242"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003e\u0026nbsp;Minor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.3.0 through 25.3.2\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e25.1.0 through 25.1.7\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.3.0 through 24.3.5\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003cspan\u003e24.1.0 through 24.1.12\u003c/span\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version                             Minor Version            Suggested Solution\nTrust Protection Foundation 25.3    25.3.0 through 25.3.2    Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1    25.1.0 through 25.1.7    Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3    24.3.0 through 24.3.5    Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1    24.1.0 through 24.1.12   Upgrade to 24.1.13 or later.\nAll older versions                                           Upgrade to a supported fixed version."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Trust Protection Foundation: SQL Injection Vulnerability",
          "x_affectedList": [
            "Trust Protection Foundation 25.3.0",
            "Trust Protection Foundation 25.3.1",
            "Trust Protection Foundation 25.3.2",
            "Trust Protection Foundation 25.1.0",
            "Trust Protection Foundation 25.1.1",
            "Trust Protection Foundation 25.1.2",
            "Trust Protection Foundation 25.1.3",
            "Trust Protection Foundation 25.1.4",
            "Trust Protection Foundation 25.1.5",
            "Trust Protection Foundation 25.1.6",
            "Trust Protection Foundation 25.1.7",
            "Trust Protection Foundation 24.3.0",
            "Trust Protection Foundation 24.3.1",
            "Trust Protection Foundation 24.3.2",
            "Trust Protection Foundation 24.3.3",
            "Trust Protection Foundation 24.3.4",
            "Trust Protection Foundation 24.3.5",
            "Trust Protection Foundation 24.1.0",
            "Trust Protection Foundation 24.1.1",
            "Trust Protection Foundation 24.1.2",
            "Trust Protection Foundation 24.1.3",
            "Trust Protection Foundation 24.1.4",
            "Trust Protection Foundation 24.1.5",
            "Trust Protection Foundation 24.1.6",
            "Trust Protection Foundation 24.1.7",
            "Trust Protection Foundation 24.1.8",
            "Trust Protection Foundation 24.1.9",
            "Trust Protection Foundation 24.1.10",
            "Trust Protection Foundation 24.1.11",
            "Trust Protection Foundation 24.1.12"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0242",
        "datePublished": "2026-05-13T19:04:52.841Z",
        "dateReserved": "2025-11-03T20:44:03.175Z",
        "dateUpdated": "2026-05-15T03:56:11.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0241 (GCVE-0-2026-0241)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:01 – Updated: 2026-05-13 19:30
    VLAI
    Title
    Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities
    Summary
    Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Trust Protection Foundation Affected: 25.3.0 , < 25.3.3 (custom)
    Affected: 25.1.0 , < 25.1.8 (custom)
    Affected: 24.3.0 , < 24.3.6 (custom)
    Affected: 24.1.0 , < 24.1.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:16:03.842883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:30:09.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Trust Protection Foundation",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "25.3.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.3.3",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "25.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1.8",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.3.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.1.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "No specific configuration is required for exposure to this vulnerability."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.3",
                      "versionStartIncluding": "25.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.1.8",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.1.13",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-05-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIncorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T19:01:24.094Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0241"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version  Minor Version  Suggested Solution\nTrust Protection Foundation 25.3  25.3.0 through 25.3.2  Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1  25.1.0 through 25.1.7  Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3  24.3.0 through 24.3.5  Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1  24.1.0 through 24.1.12  Upgrade to 24.1.13 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Trust Protection Foundation 25.3.0",
            "Trust Protection Foundation 25.3.1",
            "Trust Protection Foundation 25.3.2",
            "Trust Protection Foundation 25.1.0",
            "Trust Protection Foundation 25.1.1",
            "Trust Protection Foundation 25.1.2",
            "Trust Protection Foundation 25.1.3",
            "Trust Protection Foundation 25.1.4",
            "Trust Protection Foundation 25.1.5",
            "Trust Protection Foundation 25.1.6",
            "Trust Protection Foundation 25.1.7",
            "Trust Protection Foundation 24.3.0",
            "Trust Protection Foundation 24.3.1",
            "Trust Protection Foundation 24.3.2",
            "Trust Protection Foundation 24.3.3",
            "Trust Protection Foundation 24.3.4",
            "Trust Protection Foundation 24.3.5",
            "Trust Protection Foundation 24.1.0",
            "Trust Protection Foundation 24.1.1",
            "Trust Protection Foundation 24.1.2",
            "Trust Protection Foundation 24.1.3",
            "Trust Protection Foundation 24.1.4",
            "Trust Protection Foundation 24.1.5",
            "Trust Protection Foundation 24.1.6",
            "Trust Protection Foundation 24.1.7",
            "Trust Protection Foundation 24.1.8",
            "Trust Protection Foundation 24.1.9",
            "Trust Protection Foundation 24.1.10",
            "Trust Protection Foundation 24.1.11",
            "Trust Protection Foundation 24.1.12"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0241",
        "datePublished": "2026-05-13T19:01:24.094Z",
        "dateReserved": "2025-11-03T20:44:02.327Z",
        "dateUpdated": "2026-05-13T19:30:09.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0240 (GCVE-0-2026-0240)

    Vulnerability from cvelistv5 – Published: 2026-05-13 18:54 – Updated: 2026-05-15 09:56
    VLAI
    Title
    Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
    Summary
    An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Trust Protection Foundation Affected: 25.3.0 , < 25.3.3 (custom)
    Affected: 25.1.0 , < 25.1.8 (custom)
    Affected: 24.3.0 , < 24.3.6 (custom)
    Affected: 24.1.0 , < 24.1.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T03:56:11.417596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T09:56:36.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Trust Protection Foundation",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "25.3.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.3.3",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "25.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1.8",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.3.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.3.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "24.1.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo specific configuration is required for exposure to this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "No specific configuration is required for exposure to this vulnerability."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.3",
                      "versionStartIncluding": "25.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.1.8",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.1.13",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-05-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server\u0027s vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T18:54:07.294Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0240"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003ctr\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eMinor Version\u003c/td\u003e\u003ctd\u003eSuggested Solution\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.3\u003c/td\u003e\u003ctd\u003e25.3.0 through 25.3.2\u003c/td\u003e\u003ctd\u003eUpgrade to 25.3.3 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 25.1\u003c/td\u003e\u003ctd\u003e25.1.0 through 25.1.7\u003c/td\u003e\u003ctd\u003eUpgrade to 25.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.3\u003c/td\u003e\u003ctd\u003e24.3.0 through 24.3.5\u003c/td\u003e\u003ctd\u003eUpgrade to 24.3.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTrust Protection Foundation 24.1\u003c/td\u003e\u003ctd\u003e24.1.0 through 24.1.12\u003c/td\u003e\u003ctd\u003eUpgrade to 24.1.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version  Minor Version  Suggested Solution\nTrust Protection Foundation 25.3  25.3.0 through 25.3.2  Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1  25.1.0 through 25.1.7  Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3  24.3.0 through 24.3.5  Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1  24.1.0 through 24.1.12  Upgrade to 24.1.13 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Trust Protection Foundation: Sensitive Information Disclosure Vulnerability",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Trust Protection Foundation 25.3.0",
            "Trust Protection Foundation 25.3.1",
            "Trust Protection Foundation 25.3.2",
            "Trust Protection Foundation 25.1.0",
            "Trust Protection Foundation 25.1.1",
            "Trust Protection Foundation 25.1.2",
            "Trust Protection Foundation 25.1.3",
            "Trust Protection Foundation 25.1.4",
            "Trust Protection Foundation 25.1.5",
            "Trust Protection Foundation 25.1.6",
            "Trust Protection Foundation 25.1.7",
            "Trust Protection Foundation 24.3.0",
            "Trust Protection Foundation 24.3.1",
            "Trust Protection Foundation 24.3.2",
            "Trust Protection Foundation 24.3.3",
            "Trust Protection Foundation 24.3.4",
            "Trust Protection Foundation 24.3.5",
            "Trust Protection Foundation 24.1.0",
            "Trust Protection Foundation 24.1.1",
            "Trust Protection Foundation 24.1.2",
            "Trust Protection Foundation 24.1.3",
            "Trust Protection Foundation 24.1.4",
            "Trust Protection Foundation 24.1.5",
            "Trust Protection Foundation 24.1.6",
            "Trust Protection Foundation 24.1.7",
            "Trust Protection Foundation 24.1.8",
            "Trust Protection Foundation 24.1.9",
            "Trust Protection Foundation 24.1.10",
            "Trust Protection Foundation 24.1.11",
            "Trust Protection Foundation 24.1.12"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0240",
        "datePublished": "2026-05-13T18:54:07.294Z",
        "dateReserved": "2025-11-03T20:44:01.023Z",
        "dateUpdated": "2026-05-15T09:56:36.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }