Palo Alto Networks Security Advisories / CVE-2026-0276

CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

Urgency MODERATE

047910
Severity 1.1 · LOW
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required LOW
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.

Product Status

VersionsAffectedUnaffected
Cortex XDR Broker VM 20.0.96< 31.0.58>= 31.0.58

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: LOW, Suggested Urgency: MODERATE

CVSS-BT: 1.1 / CVSS-B: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-269 — Improper Privilege Management

CAPEC-233 Privilege Escalation

Solution

This issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue

CPE Applicability

Timeline

Initial publication.
© 2026 Palo Alto Networks, Inc. All rights reserved.