Palo Alto Networks has issued important updates to fix three separate flaws in its security products. These issues affect the Cortex XDR Agent, the Autonomous Digital Experience Manager (ADEM), and the Cortex XSOAR/XSIAM platforms. The flaws include ways to bypass local protection and to access resources without authorization.
The first flaw, tracked as CVE-2026-0232, impacts the Cortex XDR Agent on Windows computers. An issue with a safety feature lets a local Windows administrator turn off the agent completely.
Affected Versions: Cortex XDR Agent versions 9.0 (prior to 9.0.1 without CU-2120), 8.9 (prior to 8.9.1 without CU-2120), and several CE versions.
The Fix: Users should upgrade to 9.1 or apply CU-2120.
The second flaw is a local privilege escalation vulnerability in the Autonomous Digital Experience Manager (ADEM) for Windows. This vulnerability, tracked as CVE-2026-0233, allows a local Windows user to “execute arbitrary code with NT AUTHORITY\SYSTEM privileges”.
By gaining the highest level of system access, an attacker could take full control of the machine. They could also install backdoors or steal sensitive data.
Affected Versions: ADEM on Windows versions prior to 5.10.14.
The Fix: Palo Alto Networks urges upgrading to version 5.10.14 or newer.
The final advisory highlights an “improper verification of cryptographic signature” within the Microsoft Teams integration for the Cortex XSOAR and XSIAM platforms.
This serious problem, tracked as CVE-2026-0234 (CVSS 7.2), is worrying because it lets an unauthenticated user access and modify protected information. By bypassing signature checks, an attacker could insert themselves into secure chats or alter platform data.
Affected Versions: Cortex XSIAM and XSOAR Microsoft Teams Marketplace versions prior to 1.5.52.
The Fix: Administrators should update to Marketplace integration version 1.5.52 or higher.
Palo Alto Networks says it is not currently aware of any malicious exploitation of these flaws. Still, companies are encouraged to install these updates quickly to keep their defenses strong.
InfoSecBulletin Cybersecurity for mankind
