{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0233", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:43:54.324Z", "datePublished": "2026-04-13T07:17:34.585Z", "dateUpdated": "2026-04-13T13:35:50.988Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-04-13T07:17:34.585Z"}, "title": "Autonomous Digital Experience Manager: Improper validation of ADEM certificate", "datePublic": "2026-04-08T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-187", "descriptions": [{"lang": "en", "value": "CAPEC-187 Malicious Automated Software Update"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Autonomous Digital Experience Manager", "versions": [{"status": "affected", "version": "5.10.0", "lessThan": "5.10.14", "changes": [{"at": "5.10.14", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "platforms": ["Windows"]}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:autonomous_digital_experience_manager:*:*:*:*:*:Windows:*:*", "versionStartIncluding": "5.10.0", "versionEndExcluding": "5.10.14"}]}]}], "descriptions": [{"lang": "en", "value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges."}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0233", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "GREEN", "version": "4.0", "baseSeverity": "LOW", "baseScore": 2, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green"}}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No known workarounds exist for this issue."}]}], "solutions": [{"lang": "eng", "value": "Version\nMinor Version\nSuggested Solution\n\n Autonomous Digital Experience Manager 5.10 on Windows\n\n 5.10.0 through 5.10.14\n Upgrade to 5.10.14 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Autonomous Digital Experience Manager 5.10 on Windows<br></td>\n <td>5.10.0 through 5.10.14</td>\n <td>Upgrade to 5.10.14 or later.</td>\n </tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-04-08T16:00:00.000Z", "lang": "en", "value": "Initial publication."}, {"time": "2026-04-08T18:05:00.000Z", "lang": "en", "value": "Corrected the version ranges."}], "credits": [{"lang": "en", "value": "David Fischer with OBI", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "configurations": [{"lang": "eng", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No special configuration is required to be affected by this issue."}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T13:35:00.659053Z", "id": "CVE-2026-0233", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:35:50.988Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T13:35:00.659053Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:35:44.902Z"}}], "cna": {"title": "Autonomous Digital Experience Manager: Improper validation of ADEM certificate", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "David Fischer with OBI"}], "impacts": [{"capecId": "CAPEC-187", "descriptions": [{"lang": "en", "value": "CAPEC-187 Malicious Automated Software Update"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 2, "Automatable": "NO", "attackVector": "PHYSICAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green", "exploitMaturity": "UNREPORTED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Autonomous Digital Experience Manager", "versions": [{"status": "affected", "changes": [{"at": "5.10.14", "status": "unaffected"}], "version": "5.10.0", "lessThan": "5.10.14", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-04-08T16:00:00.000Z", "value": "Initial publication."}, {"lang": "en", "time": "2026-04-08T18:05:00.000Z", "value": "Corrected the version ranges."}], "solutions": [{"lang": "eng", "value": "Version\nMinor Version\nSuggested Solution\n\n Autonomous Digital Experience Manager 5.10 on Windows\n\n 5.10.0 through 5.10.14\n Upgrade to 5.10.14 or later.", "supportingMedia": [{"type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Autonomous Digital Experience Manager 5.10 on Windows<br></td>\n <td>5.10.0 through 5.10.14</td>\n <td>Upgrade to 5.10.14 or later.</td>\n </tr></tbody></table>", "base64": false}]}], "datePublic": "2026-04-08T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0233", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "No known workarounds exist for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges.", "supportingMedia": [{"type": "text/html", "value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "configurations": [{"lang": "eng", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "No special configuration is required to be affected by this issue.", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:autonomous_digital_experience_manager:*:*:*:*:*:Windows:*:*", "vulnerable": true, "versionEndExcluding": "5.10.14", "versionStartIncluding": "5.10.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-04-13T07:17:34.585Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0233", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:35:50.988Z", "dateReserved": "2025-11-03T20:43:54.324Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-04-13T07:17:34.585Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges."}], "id": "CVE-2026-0233", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-04-13T08:16:22.150", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0233"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[5.10.0,5.10.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Autonomous Digital Experience Manager", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "autonomous_digital_experience_manager", "vendor": "palo_alto_networks"}], "analysis": {"en": {"generated_at": "2026-04-13T08:50:41.940638+00:00", "value": {"mitigation_remediation": ["Apply the official update to version 5.10.14 or later immediately.", "Verify that the patch has been applied to all Windows instances of Autonomous Digital Experience Manager.", "Restrict inbound network reachability to the ADEM instance to trusted IP ranges while monitoring for suspicious traffic.", "Continuously review logs for certificate validation failures or unusual activity."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Palo Alto Networks Autonomous Digital Experience Manager versions 5.10.0 through 5.10.14 on Windows. Users running any of these releases should confirm their version and consider updating to a patched release.", "description_and_impact": "An improper validation of an ADEM certificate allows an unauthenticated attacker to execute code with NT AUTHORITY\\SYSTEM privileges on Windows deployments of Autonomous Digital Experience Manager. The flaw arises because the application does not properly verify the trustworthiness of presented certificates, leading to elevation of privilege to system level when exploited.", "risk_and_exploitability": "The CVSS score of 2.0 reflects a lower severity classification, yet the privilege escalation to SYSTEM is critical. No EPSS score is available. The likely attack vector is an attacker with adjacent network access; this inference comes from the description stating the attacker does not need authentication and must reach the vulnerable service locally or over an internal network. Exploitation requires supplying a malicious or improperly signed certificate to the ADEM instance, after which arbitrary code runs with full system privileges."}}}}, "created": "2026-04-13T12:36:48.503997+00:00", "updated": "2026-04-13T12:52:36.810319+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$autonomous_digital_experience_manager"]}