CVE-2026-0274 HIGH

CVE-2026-0274: Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

Vendor Palo Alto Networks
Product Cortex XSIAM CommvaultSecurityIQ Marketplace
Weakness CWE-1390
Published June 10, 2026
Last update June 12, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red

What the vulnerability does

01Description

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

Key dates

02Disclosure timeline

June 10, 2026 CVE published
June 12, 2026 Record updated