Description
A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
Published: 2026-05-13
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A particular version of Trust Protection Foundation suffers from a SQL injection flaw that lets an attacker with valid credentials run arbitrary SQL statements against the product database. If successful, the attacker can read confidential information, modify stored data, and raise privileges to full administrative control of the platform. The weakness is CWE‑89, a classic input validation failure that allows malicious input to be executed by the database engine.

Affected Systems

The vulnerability applies to Palo Alto Networks Trust Protection Foundation versions 24.1.0 through 24.1.12, 24.3.0 through 24.3.5, 25.1.0 through 25.1.7, and 25.3.0 through 25.3.2, as well as all older releases that have not been patched to a fixed version.

Risk and Exploitability

The CVSS score of 6.1 indicates a moderate severity, with the EPSS score not available to gauge exploitation likelihood. The vulnerability is listed outside the CISA KEV catalog, suggesting no widely known active exploits. However, because the flaw requires authentication, an attacker must first obtain legitimate credentials or compromise an account with database access. Once authenticated, the attacker could abuse the injection to perform data exfiltration, tampering, or privilege escalation. Given the medium severity and lack of publicly known exploitation, the risk is moderate to high in environments where privileged users have inconsistent safeguards.

Generated by OpenCVE AI on May 13, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑provided fix by upgrading to Trust Protection Foundation 25.3.3 or newer, or 25.1.8 or newer, or 24.3.6 or newer, as appropriate for the installed version. This removes the injection point and restores secure input handling.
  • If an upgrade is not immediately possible, strictly limit the accounts that have database write privileges to the minimum required, and consider disabling or removing any unused privileged roles that could be leveraged to perform the injection.
  • Enable comprehensive auditing and logging of all SQL queries, and monitor the logs for anomalous or unexpected query patterns that may indicate attempted exploitation.

Generated by OpenCVE AI on May 13, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
Title Trust Protection Foundation: SQL Injection Vulnerability
First Time appeared Palo Alto Networks
Palo Alto Networks trust Protection Foundation
Weaknesses CWE-89
CPEs cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks trust Protection Foundation
References
Metrics cvssV4_0

{'score': 6.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Trust Protection Foundation
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-05-15T03:56:11.733Z

Reserved: 2025-11-03T20:44:03.175Z

Link: CVE-2026-0242

cve-icon Vulnrichment

Updated: 2026-05-13T19:29:33.504Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T19:16:58.130

Modified: 2026-05-14T16:21:23.190

Link: CVE-2026-0242

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:33:47Z

Weaknesses