Palo Alto Networks Security Advisories / CVE-2024-3094

CVE-2024-3094 Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094)



The Palo Alto Networks Product Security Assurance team has evaluated the supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ tools and libraries. These versions of the software may allow unauthorized access to affected systems.

Based on the information presently known, Palo Alto Networks products and cloud services do not contain affected XZ software packages and are not impacted by these issues.

Please refer to the Unit42 Threat Brief for the latest guidance and product offerings to protect customers from CVE-2024-3094 in their environments:

CVE-2024-3094Malicious code in distributed source tarballs of xz, starting with version 5.6.0

Product Status

Cloud NGFW Noneall
Cortex XDR Noneall
Cortex XDR Agent Noneall
GlobalProtect App Noneall
PAN-OS Noneall
Prisma Access Noneall
Prisma Cloud Noneall
Prisma Cloud Compute Noneall

Weakness Type

CWE-506: Embedded Malicious Code


No software updates are required at this time.


Initial Publication
© 2024 Palo Alto Networks, Inc. All rights reserved.