{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Trust Protection Foundation: Sensitive Information Disclosure Vulnerability"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2026-0240","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-05-13T21:55:08.507Z","generator":{"date":"2026-05-13T21:55:08.507Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2026-0240","initial_release_date":"2026-05-13T16:00:00.000Z","revision_history":[{"number":"1","date":"2026-05-13T09:00:00.000Z","summary":"Initial publication."}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Trust Protection Foundation","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<25.3.3","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-1"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=25.3.3","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-1"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<25.1.8","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-2"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=25.1.8","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-2"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<24.3.6","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-3"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=24.3.6","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-3"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<24.1.13","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-4"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=24.1.13","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-4"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-0240","product_status":{"fixed":["PANW-Trust-Protection-Foundation-1","PANW-Trust-Protection-Foundation-2","PANW-Trust-Protection-Foundation-3","PANW-Trust-Protection-Foundation-4"],"known_affected":["PANW-Trust-Protection-Foundation-1","PANW-Trust-Protection-Foundation-2","PANW-Trust-Protection-Foundation-3","PANW-Trust-Protection-Foundation-4"]},"notes":[{"category":"description","text":"An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings."}],"references":[{"category":"external","summary":"NVD - CVE-2026-0240","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0240"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2026-0240","url":"https://security.paloaltonetworks.com/CVE-2026-0240"}],"threats":[{"category":"impact","description":"An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":7.4,"threatSeverity":"MEDIUM","threatScore":4.5,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"},"products":["PANW-Trust-Protection-Foundation-1","PANW-Trust-Protection-Foundation-2","PANW-Trust-Protection-Foundation-3","PANW-Trust-Protection-Foundation-4"]}]}]}