{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0232", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:43:53.493Z", "datePublished": "2026-04-13T07:22:48.325Z", "dateUpdated": "2026-04-13T13:27:43.511Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-04-13T07:22:48.325Z"}, "title": "Cortex XDR Agent: Local Administrator can disable the agent on Windows", "datePublic": "2026-04-08T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-15", "description": "CWE-15: External Control of System or Configuration Setting", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "unaffected", "version": "9.1.0", "lessThan": "5.10.14", "changes": [{"at": "5.10.14", "status": "unaffected"}], "versionType": "custom"}, {"status": "unaffected", "version": "9.0", "versionType": "custom"}, {"status": "unaffected", "version": "8.9", "versionType": "custom"}, {"status": "unaffected", "version": "8.7-CE", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "affected", "version": "9.0", "lessThan": "9.0.1", "changes": [{"at": "9.0.1", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "8.9", "lessThan": "8.9.1", "changes": [{"at": "8.9.1", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "8.7-CE", "lessThan": "8.7.101-CE", "changes": [{"at": "8.7.101-CE", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "8.3-CE", "lessThan": "8.3-CE-CU-2120", "changes": [{"at": "8.3-CE", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "7.9-CE", "lessThan": "7.9-CE-CU-2120", "changes": [{"at": "7.9-CE", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "platforms": ["Windows"], "cpes": ["cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:9.0.0:*:*:*:*:Windows:*:*", "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.9.0:*:*:*:*:Windows:*:*", "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.7-CE:*:*:*:*:Windows:*:*"]}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*", "versionStartIncluding": "8.9.0", "versionEndExcluding": "8.9.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*", "versionStartIncluding": "8.7.101", "versionEndExcluding": "8.7.101-ce"}]}]}], "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.\u00a0This issue may be leveraged by malware to perform malicious activity without detection.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.&nbsp;This issue may be leveraged by malware to perform malicious activity without detection."}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0232", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber"}}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No known workarounds exist for this issue."}]}], "solutions": [{"lang": "eng", "value": "To fully remediate this vulnerability, customers must ensure their Content Update is at version 2120 or higher. This update provides the necessary protection across all supported versions of Cortex XDR.\n\nWhile the Content Update provides the primary fix, the following software releases include complementary architectural enhancements to further harden the environment:\n\n * Cortex XDR 9.1.0 (or later)\n * Cortex XDR 9.0.1 (or later)\n * Cortex XDR 8.9.1 (or later)\n * Cortex XDR 8.7.101-CE (or later)\n\nNote for 8.3-CE and 7.9-CE: These versions are fully protected by applying Content Update 2120. No additional software upgrade is required for these versions to mitigate this specific vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>To fully remediate this vulnerability, customers must ensure their Content Update is at version 2120 or higher. This update provides the necessary protection across all supported versions of Cortex XDR.</p><p>While the Content Update provides the primary fix, the following software releases include complementary architectural enhancements to further harden the environment:</p><ul><li>Cortex XDR 9.1.0 (or later)</li><li>Cortex XDR 9.0.1 (or later)</li><li>Cortex XDR 8.9.1 (or later)</li><li>Cortex XDR 8.7.101-CE (or later)</li></ul>Note for 8.3-CE and 7.9-CE: These versions are fully protected by applying Content Update 2120. No additional software upgrade is required for these versions to mitigate this specific vulnerability."}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-04-08T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "WhatThe0xDoin", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Cortex XDR Agent 9.0.0", "Cortex XDR Agent 8.9.0", "Cortex XDR Agent 8.7-CE"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T13:14:26.660757Z", "id": "CVE-2026-0232", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:27:43.511Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T13:14:26.660757Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:15:33.586Z"}}], "cna": {"title": "Cortex XDR Agent: Local Administrator can disable the agent on Windows", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "WhatThe0xDoin"}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 4, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "unaffected", "changes": [{"at": "5.10.14", "status": "unaffected"}], "version": "9.1.0", "lessThan": "5.10.14", "versionType": "custom"}, {"status": "unaffected", "version": "9.0", "versionType": "custom"}, {"status": "unaffected", "version": "8.9", "versionType": "custom"}, {"status": "unaffected", "version": "8.7-CE", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:9.0.0:*:*:*:*:Windows:*:*", "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.9.0:*:*:*:*:Windows:*:*", "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.7-CE:*:*:*:*:Windows:*:*"], "vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "affected", "changes": [{"at": "9.0.1", "status": "unaffected"}], "version": "9.0", "lessThan": "9.0.1", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.9.1", "status": "unaffected"}], "version": "8.9", "lessThan": "8.9.1", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.7.101-CE", "status": "unaffected"}], "version": "8.7-CE", "lessThan": "8.7.101-CE", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.3-CE", "status": "unaffected"}], "version": "8.3-CE", "lessThan": "8.3-CE-CU-2120", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "7.9-CE", "status": "unaffected"}], "version": "7.9-CE", "lessThan": "7.9-CE-CU-2120", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-04-08T16:00:00.000Z", "value": "Initial publication."}], "solutions": [{"lang": "eng", "value": "To fully remediate this vulnerability, customers must ensure their Content Update is at version 2120 or higher. This update provides the necessary protection across all supported versions of Cortex XDR.\n\nWhile the Content Update provides the primary fix, the following software releases include complementary architectural enhancements to further harden the environment:\n\n * Cortex XDR 9.1.0 (or later)\n * Cortex XDR 9.0.1 (or later)\n * Cortex XDR 8.9.1 (or later)\n * Cortex XDR 8.7.101-CE (or later)\n\nNote for 8.3-CE and 7.9-CE: These versions are fully protected by applying Content Update 2120. No additional software upgrade is required for these versions to mitigate this specific vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<p>To fully remediate this vulnerability, customers must ensure their Content Update is at version 2120 or higher. This update provides the necessary protection across all supported versions of Cortex XDR.</p><p>While the Content Update provides the primary fix, the following software releases include complementary architectural enhancements to further harden the environment:</p><ul><li>Cortex XDR 9.1.0 (or later)</li><li>Cortex XDR 9.0.1 (or later)</li><li>Cortex XDR 8.9.1 (or later)</li><li>Cortex XDR 8.7.101-CE (or later)</li></ul>Note for 8.3-CE and 7.9-CE: These versions are fully protected by applying Content Update 2120. No additional software upgrade is required for these versions to mitigate this specific vulnerability.", "base64": false}]}], "datePublic": "2026-04-08T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0232", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "No known workarounds exist for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.\u00a0This issue may be leveraged by malware to perform malicious activity without detection.", "supportingMedia": [{"type": "text/html", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.&nbsp;This issue may be leveraged by malware to perform malicious activity without detection.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-15", "description": "CWE-15: External Control of System or Configuration Setting"}]}], "x_affectedList": ["Cortex XDR Agent 9.0.0", "Cortex XDR Agent 8.9.0", "Cortex XDR Agent 8.7-CE"], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*", "vulnerable": true, "versionEndExcluding": "9.0.1", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*", "vulnerable": true, "versionEndExcluding": "8.9.1", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:Windows:*:*", "vulnerable": true, "versionEndExcluding": "8.7.101-ce", "versionStartIncluding": "8.7.101"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-04-13T07:22:48.325Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0232", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:27:43.511Z", "dateReserved": "2025-11-03T20:43:53.493Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-04-13T07:22:48.325Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent.\u00a0This issue may be leveraged by malware to perform malicious activity without detection."}], "id": "CVE-2026-0232", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-04-13T08:16:20.900", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0232"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[9.1.0,5.10.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "9.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "8.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "8.7-CE"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[9.0,9.0.1)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[8.9,8.9.1)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[8.7-CE,8.7.101-CE)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[8.3-CE,8.3-CE-CU-2120)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[7.9-CE,7.9-CE-CU-2120)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "cortex_xdr_agent", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[9.1.0,5.10.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "9.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "8.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "8.7-CE"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Cortex XDR Agent", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cortex_xdr_agent", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[9.0,9.0.1)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[8.9,8.9.1)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[8.7-CE,8.7.101-CE)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[8.3-CE,8.3-CE-CU-2120)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[7.9-CE,7.9-CE-CU-2120)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Cortex XDR Agent", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cortex_xdr_agent", "vendor": "palo_alto_networks"}], "analysis": {"en": {"generated_at": "2026-04-13T09:20:50.101806+00:00", "value": {"mitigation_remediation": ["Apply Content Update 2120 or later", "If running an older software release, upgrade to Cortex XDR 9.1.0 or a later supported version (9.0.1, 8.9.1, or 8.7.101\u2011CE)", "For versions 8.3\u2011CE and 7.9\u2011CE, apply content update 2120 only", "No known workarounds exist"], "summary": {"action": "Patch", "impact": "Agent disablement enabling undetected activity"}, "threat_synthesis": {"affected_systems": "All installations of Cortex XDR Agent on Windows that have not applied content update 2120 are vulnerable, including older releases such as 8.7\u2011CE, 8.9.0, 9.0.0 and earlier. Installing the content update 2120 or upgrading the product to version 9.1.0, 9.0.1, 8.9.1, or 8.7.101\u2011CE removes the flaw. For releases 8.3\u2011CE and 7.9\u2011CE, applying content update 2120 alone is sufficient.", "description_and_impact": "A flaw in the protection mechanism of the Palo Alto Networks Cortex XDR agent on Windows allows a user with local administrator privileges to disable the agent, effectively turning off endpoint detection controls. The weakness is tracked as CWE\u201115, external control of system configuration, and while it does not grant remote code execution, it permits malicious activity to proceed without triggering the agent\u2019s alerts.", "risk_and_exploitability": "The CVSS score of 4.0 indicates a medium severity. Exploitation requires local administrator rights and does not provide remote code execution, but disabling the agent undermines the monitoring posture and increases the risk of undetected compromise. EPSS data are not available, and the vulnerability is not listed in the CISA KEV catalog. No workaround has been provided, so submittent remediation via patch or upgrade is the only mitigation path."}}}}, "created": "2026-04-13T12:36:47.484524+00:00", "updated": "2026-04-13T12:52:35.862052+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$cortex_xdr_agent"]}