CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

Palo Alto Networks Security Advisories / CVE-2026-0234

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

Urgency HIGHEST

Severity 7.2 · HIGH

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery USER

Value Density DIFFUSE

Attack Vector NETWORK

Attack Complexity HIGH

Attack Requirements PRESENT

Automatable NO

User Interaction NONE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability HIGH

Privileges Required NONE

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

CVE JSON CSAF

Published 2026-04-08

Updated 2026-04-08

Discovered externally

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

Product Status

Versions	Affected	Unaffected
Cortex XSIAM Microsoft Teams Marketplace 1.5.0	< 1.5.52	>= 1.5.52
Cortex XSOAR Microsoft Teams Marketplace 1.5.0	< 1.5.52	>= 1.5.52

Severity: HIGH, Suggested Urgency: HIGHEST

CVSS-BT: 7.2 / CVSS-B: 9.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-347 Improper Verification of Cryptographic Signature

CAPEC-475 Signature Spoofing by Improper Validation

Solution

Version	Minor Version	Suggested Solution
Cortex XSOAR Microsoft Teams Marketplace 1.5	1.5.0 through 1.5.51	Upgrade to 1.5.52 or later.
Cortex XSIAM Microsoft Teams Marketplace 1.5	1.5.0 through 1.5.51	Upgrade to 1.5.52 or later.

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks quinn for discovering and reporting this issue.

CPE Applicability

- cpe:2.3:a:palo_alto_networks:cortex_xsoar_microsoft_teams_marketplace:*:*:*:*:*:*:*:* is vulnerable from (including)1.5.0 and up to (excluding)1.5.52
or
- cpe:2.3:a:palo_alto_networks:cortex_xsiam_microsoft_teams_marketplace:*:*:*:*:*:*:*:* is vulnerable from (including)1.5.0 and up to (excluding)1.5.52

Timeline

2026-04-08 Initial Publication