Palo Alto Networks Security Advisories / CVE-2026-0270

CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability

Description

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

Product Status

Versions	Affected	Unaffected
Cortex XSOAR 8.13	< 8.13.1 on Linux	>= 8.13.1 on Linux
Cortex XSOAR 8.12	All	None
Cortex XSOAR 8.11	All	None
Cortex XSOAR 8.10	All	None

Required Configuration for Exposure

No special configuration is required.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 4.8 / CVSS-B: 7.5 (CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC-88 OS Command Injection

Solution

Version	Minor Version	Suggested Solution
Cortex XSOAR 8.13 on Linux	8.13.0 through	Upgrade to 8.13.1 or later.

Workarounds and Mitigations

Palo Alto Networks is not aware of any malicious exploitation of these issues.

Acknowledgments

CPE Applicability

• • cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:Linux:*:* is vulnerable from (including)8.13.0 and up to (excluding)8.13.1
• or
  • cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:* is vulnerable from (including)8.12.0
  • ORcpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:* is vulnerable from (including)8.11.0
  • ORcpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:* is vulnerable from (including)8.10.0

Timeline