An improper verification of cryptographic signature occurs during the Microsoft Teams integration on Palo Alto Networks Cortex XSOAR and Cortex XSIAM. Because the platform fails to validate the signed data, an attacker can supply a tampered yet still cryptographically signed payload and bypass the signature check. The result is that unauthenticated users can access and alter protected resources within the platform, compromising data integrity and potentially enabling further attacks. This weakness is defined as CWE‑347, which highlights the danger of not validating signed information.

The affected products are Palo Alto Networks Cortex XSIAM Microsoft Teams Marketplace and Cortex XSOAR Microsoft Teams Marketplace. Versions from 1.5.0 through 1.5.51 inclusive are vulnerable. Users running any of these releases can be impacted; upgrading to version 1.5.52 or later removes the flaw for both products.

The CVSS base score of 7.2 marks this defect as high severity. EPSS data is not available and the issue is not listed in the CISA KEV catalog, suggesting limited public exploitation evidence at this time. The likely attack scenario involves an unauthenticated actor crafting a tampered signed message and sending it to the integration endpoint, which then accepts the payload due to the missing verification step. Because there are no workarounds, the only viable mitigation is to apply the vendor patch immediately.