CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
| Metric | Value |
|---|---|
| Exploit Maturity | UNREPORTED |
| Response Effort | MODERATE |
| Recovery | USER |
| Value Density | DIFFUSE |
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Automatable | NO |
| User Interaction | NONE |
| Product Confidentiality | NONE |
| Product Integrity | LOW |
| Product Availability | NONE |
| Privileges Required | LOW |
| Subsequent Confidentiality | NONE |
| Subsequent Integrity | LOW |
| Subsequent Availability | NONE |
Description
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields.
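The advisory does not describe the injection itself, so what follows is an added, defender-side example (not Broker VM code) of the strict acceptance check a certificate form field needs: exactly one well-formed PEM certificate and nothing else. `ValidateCertField` and `NewSampleCertPEM` are hypothetical names, and the sample certificate is constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"strings"
	"time"
)

// ValidateCertField (hypothetical, not Broker VM code) accepts a "certificate" field only if
// it is exactly one PEM CERTIFICATE block parsing as X.509 with nothing before or after it.
func ValidateCertField(field string) (*x509.Certificate, error) {
	trimmed := strings.TrimSpace(field)
	// pem.Decode silently skips bytes before the first BEGIN line, so check the prefix explicitly.
	if !strings.HasPrefix(trimmed, "-----BEGIN CERTIFICATE-----") {
		return nil, errors.New("field must start with a CERTIFICATE PEM block")
	}
	block, rest := pem.Decode([]byte(trimmed))
	if block == nil || block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
		return nil, errors.New("field is not a plain PEM CERTIFICATE block")
	}
	if len(strings.TrimSpace(string(rest))) != 0 {
		return nil, errors.New("trailing content after the certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, errors.New("certificate does not parse: " + err.Error())
	}
	return cert, nil
}

// NewSampleCertPEM returns a constructed, throwaway self-signed certificate that
// stands in for whatever an administrator would paste into the field.
func NewSampleCertPEM() string {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-broker"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}
```

The same shape of check applies to a private-key field, with the PEM type and parser swapped for the key format the product accepts.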
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Broker VM 30.0 | < 30.0.24 | >= 30.0.24 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity: LOW, Suggested Urgency: MODERATE
CVSS-BT: 1.1 / CVSS-B: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type and Impact
CWE-20 Improper Input Validation
CAPEC-153 Input Data Manipulation
Solution
| Version | Minor Version | Suggested Solution |
|---|---|---|
| Broker VM 30.0 | 30.0.24 or earlier | Upgrade to 30.0.24 or later. |
Workarounds and Mitigations
No known workarounds exist for this issue.
Acknowledgments
This issue was discovered during an internal penetration test.
CPE Applicability
- cpe:2.3:a:palo_alto_networks:broker_vm:*:*:*:*:*:*:*:* is vulnerable from 30.0.0 (including) up to 30.0.24 (excluding)
Timeline
Initial Publication.