CVE-2026-0270 MEDIUM

CVE-2026-0270: Cortex XSOAR: Path Traversal Vulnerability

Vendor Palo Alto Networks
Product Cortex XSOAR
Weakness CWE-22 · Path traversal
Published June 10, 2026
Last update June 12, 2026

CVSS base score

4.8/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

Key dates

02Disclosure timeline

June 10, 2026 CVE published
June 12, 2026 Record updated