{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Trust Protection Foundation: SQL Injection Vulnerability"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2026-0242","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-05-13T21:55:46.445Z","generator":{"date":"2026-05-13T21:55:46.445Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2026-0242","initial_release_date":"2026-05-13T16:00:00.000Z","revision_history":[{"number":"1","date":"2026-05-13T09:00:00.000Z","summary":"Initial publication."}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Trust Protection Foundation","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<25.3.3","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-1"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=25.3.3","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-1"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<25.1.8","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-2"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=25.1.8","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-2"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<24.3.6","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-3"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=24.3.6","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-3"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation<24.1.13","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-4"}},{"category":"product_version_range","name":"vers:generic/Trust Protection Foundation>=24.1.13","product":{"name":"Palo Alto Networks Trust Protection Foundation","product_id":"PANW-Trust-Protection-Foundation-4"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-0242","product_status":{"fixed":["PANW-Trust-Protection-Foundation-1","PANW-Trust-Protection-Foundation-2","PANW-Trust-Protection-Foundation-3","PANW-Trust-Protection-Foundation-4"],"known_affected":["PANW-Trust-Protection-Foundation-1","PANW-Trust-Protection-Foundation-2","PANW-Trust-Protection-Foundation-3","PANW-Trust-Protection-Foundation-4"]},"notes":[{"category":"description","text":"A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."}],"references":[{"category":"external","summary":"NVD - CVE-2026-0242","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0242"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2026-0242","url":"https://security.paloaltonetworks.com/CVE-2026-0242"}],"threats":[{"category":"impact","description":"A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":8.6,"threatSeverity":"MEDIUM","threatScore":6.1,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"},"products":["PANW-Trust-Protection-Foundation-1","PANW-Trust-Protection-Foundation-2","PANW-Trust-Protection-Foundation-3","PANW-Trust-Protection-Foundation-4"]}]}]}