CVE-2026-0270 - Vulnerability Details - OpenCVE

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Palo Alto Networks	Cortex Xsoar

No data.

No data.

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2007-4559
https://security.paloaltonetworks.com/CVE-2026-0270

History

Wed, 10 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
Title		Cortex XSOAR: Path Traversal Vulnerability
First Time appeared		Palo Alto Networks Palo Alto Networks cortex Xsoar
Weaknesses		CWE-22
CPEs		cpe:2.3:a:palo_alto_networks:cortex_xsoar:::::::: cpe:2.3:a:palo_alto_networks:cortex_xsoar::::::Linux::*
Vendors & Products		Palo Alto Networks Palo Alto Networks cortex Xsoar
References		https://nvd.nist.gov/vuln/detail/CVE-2007-4559 https://security.paloaltonetworks.com/CVE-2026-0270
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2026-06-10T20:59:00.350Z

Updated: 2026-06-10T20:59:00.350Z

Reserved: 2025-11-03T20:44:30.311Z

Link: CVE-2026-0270

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-10T22:16:53.953

Modified: 2026-06-10T22:16:53.953

Link: CVE-2026-0270

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0270", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:30.311Z", "datePublished": "2026-06-10T20:59:00.350Z", "dateUpdated": "2026-06-10T20:59:00.350Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-06-10T20:59:00.350Z"}, "title": "Cortex XSOAR: Path Traversal Vulnerability", "datePublic": "2026-06-10T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XSOAR", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "8.13", "lessThan": "8.13.0.11", "changes": [{"at": "8.13.0.11", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Cortex XSOAR", "versions": [{"status": "affected", "version": "8.12.0", "versionType": "custom"}, {"status": "affected", "version": "8.11.0", "versionType": "custom"}, {"status": "affected", "version": "8.10.0", "versionType": "custom"}, {"status": "unaffected", "version": "6.14.0", "versionType": "custom"}, {"status": "unaffected", "version": "6.13.0", "versionType": "custom"}, {"status": "unaffected", "version": "6.12.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:Linux:*:*", "versionEndExcluding": "8.13.0.11", "versionStartIncluding": "8.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p></p>A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.<br><p></p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0270", "tags": ["vendor-advisory"]}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559", "name": "CVE-2007-4559: Python tarfile module path traversal", "tags": ["related", "third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "en", "value": "No special configuration is required.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No special configuration is required."}]}], "workarounds": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCortex XSOAR 8.13 on Linux 8.13.0 Upgrade to 8.13.0.11 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Cortex XSOAR 8.13 on Linux<br></td>\n <td>8.13.0</td>\n <td>Upgrade to 8.13.0.11 or later.</td>\n </tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-06-10T16:00:00.000Z", "lang": "eng", "value": "Initial publication"}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks the internal security team for discovering and reporting this issue.", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_affectedList": ["Cortex XSOAR 8.13.0"]}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host."}], "id": "CVE-2026-0270", "lastModified": "2026-06-10T22:16:53.953", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-10T22:16:53.953", "references": [{"source": "[email protected]", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559"}, {"source": "[email protected]", "url": "https://security.paloaltonetworks.com/CVE-2026-0270"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Secondary"}]}