SB2026061638 - Path traversal in Cortex XSOAR




Published: June 16, 2026

Security Bulletin ID: SB2026061638
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Path traversal (CVE-ID: CVE-2026-0270)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to write arbitrary files to the host.

The vulnerability exists due to path traversal in Cortex XSOAR engine software when processing manipulated network response traffic during a man-in-the-middle attack. A remote attacker can intercept and manipulate network response traffic to write arbitrary files to the host.

The issue affects Cortex XSOAR engine software running on Linux, and user interaction is required.


Remediation

Install the update from the vendor's website.