What the vulnerability does
01Description
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields.
CVE-2026-0238
LOW
CVE-2026-0238: Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
CVSS base score
1.1/10
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Key dates
02Disclosure timeline
May 13, 2026
CVE published
May 13, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-22444 Apache Solr: Insufficient file-access checking in standalone core-creation requests
CVE-2021-44462 Horner Automation Cscape EnvisionRV Improper Input Validation
CVE-2023-20255
CVE-2025-27731 Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability
CVE-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
