Palo Alto Networks Cortex XDR Broker VM Code Injection Vulnerability Allowing Root Privilege Escalation
Vulnerability
A code injection vulnerability has been identified in the Palo Alto Networks Cortex XDR Broker VM, specifically in versions prior to 26.0.119. This vulnerability allows an authenticated user to execute arbitrary code with root privileges on the host operating system where the Broker VM is running.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with root privileges on the host operating system.
Remediation
Users can upgrade to Cortex XDR Broker VM version 26.0.119 or later to address this vulnerability. For those who have not enabled automatic upgrades, it is recommended to do so to ensure the latest security patches are applied.
