Description
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
Published: 2026-06-10
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw (CWE-22) exists in the Cortex XSOAR engine running on Linux. The flaw allows an unauthenticated attacker who can intercept and manipulate traffic via a MitM attack on an adjacent network to write arbitrary files to the host. This violates data integrity and can enable attackers to modify configuration files or deploy malicious content, potentially compromising the system.

Affected Systems

The affected system is an installation of Palo Alto Networks Cortex XSOAR version 8.13.0 running on Linux. The vendor recommends upgrading to version 8.13.0.11 or newer to eliminate the flaw. No specific OS versions outside of Linux are mentioned; the vulnerability is limited to Linux builds of Cortex XSOAR.

Risk and Exploitability

The CVSS score is 4.8, placing the vulnerability in a moderate risk range. EPSS is not available, and the issue is not yet listed in CISA KEV. The attack requires network proximity and the ability to perform a MitM attack, so it is unlikely to be exploited remotely over the internet. Nevertheless, the potential for arbitrary file writing makes it a serious concern, especially in environments where Cortex XSOAR is exposed to untrusted network segments.

Generated by OpenCVE AI on June 10, 2026 at 23:51 UTC.

Remediation

Vendor Workaround

Palo Alto Networks is not aware of any malicious exploitation of these issues.


OpenCVE Recommended Actions

  • Upgrade Cortex XSOAR to version 8.13.0.11 or later on all affected Linux hosts.
  • Restrict network access to the Cortex XSOAR instance by removing unnecessary inbound traffic and applying segmentation or firewall rules to prevent nearby attackers from performing a MitM attack.
  • Enable and monitor file integrity monitoring or log aggregation to detect unauthorized file creation or modifications within the Cortex XSOAR installation directories.

Generated by OpenCVE AI on June 10, 2026 at 23:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Paloaltonetworks
Paloaltonetworks cortex Xsoar
Vendors & Products Paloaltonetworks
Paloaltonetworks cortex Xsoar

Wed, 10 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
Title Cortex XSOAR: Path Traversal Vulnerability
First Time appeared Palo Alto Networks
Palo Alto Networks cortex Xsoar
Weaknesses CWE-22
CPEs cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*
cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:Linux:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks cortex Xsoar
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber'}


Subscriptions

Palo Alto Networks Cortex Xsoar
Paloaltonetworks Cortex Xsoar
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-06-12T03:55:34.115Z

Reserved: 2025-11-03T20:44:30.311Z

Link: CVE-2026-0270

cve-icon Vulnrichment

Updated: 2026-06-11T13:48:51.346Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-10T22:16:53.953

Modified: 2026-06-11T15:21:30.653

Link: CVE-2026-0270

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T10:30:11Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')