Description
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
Published: 2026-04-13
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

An improper validation of an ADEM certificate allows an unauthenticated attacker to execute code with NT AUTHORITY\SYSTEM privileges on Windows deployments of Autonomous Digital Experience Manager. The flaw arises because the application does not properly verify the trustworthiness of presented certificates, leading to elevation of privilege to system level when exploited.

Affected Systems

The vulnerability affects Palo Alto Networks Autonomous Digital Experience Manager versions 5.10.0 through 5.10.14 on Windows. Users running any of these releases should confirm their version and consider updating to a patched release.

Risk and Exploitability

The CVSS score of 2.0 places this issue in the Low severity band, yet successful exploitation yields NT AUTHORITY\SYSTEM privileges, which is as severe an outcome as a Windows host can suffer. No EPSS score is available. The attack vector is adjacent network access: the description states that the attacker needs no authentication but must be able to reach the vulnerable service locally or over an internal network. Exploitation requires presenting a malicious or improperly signed certificate to the ADEM instance, after which arbitrary code runs with full system privileges.

Generated by OpenCVE AI on April 13, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the official update to version 5.10.14 or later immediately.
  • Verify that the patch has been applied to all Windows instances of Autonomous Digital Experience Manager.
  • Restrict inbound network reachability to the ADEM instance to trusted IP ranges while monitoring for suspicious traffic.
  • Continuously review logs for certificate validation failures or unusual activity.



Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed: (empty)
Values Added: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 07:45:00 +0000

Values Removed: (empty for every row in this change)
Values Added:
  • Description: A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
  • Title: Autonomous Digital Experience Manager: Improper validation of ADEM certificate
  • First Time appeared: Palo Alto Networks; Palo Alto Networks autonomous Digital Experience Manager
  • Weaknesses: CWE-295
  • CPEs: cpe:2.3:a:palo_alto_networks:autonomous_digital_experience_manager:*:*:*:*:*:Windows:*:*
  • Vendors & Products: Palo Alto Networks; Palo Alto Networks autonomous Digital Experience Manager
  • References: (empty)
  • Metrics: cvssV4_0
    {'score': 2, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green'}


Subscriptions

Palo Alto Networks Autonomous Digital Experience Manager
MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-04-13T13:35:50.988Z

Reserved: 2025-11-03T20:43:54.324Z

Link: CVE-2026-0233

Vulnrichment

Updated: 2026-04-13T13:35:44.902Z

NVD

Status: Awaiting Analysis

Published: 2026-04-13T08:16:22.150

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-0233

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:52:36Z

Weaknesses