{"cve":{"cve_id":"CVE-2026-0270","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00156,"epss_percentile":0.05059,"epss_as_of":"2026-06-23","description":"A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux  allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.","published_at":"2026-06-10T20:59:00.350000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":4.8,"cvss_v4_vector":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-22"],"nvd_references":["https://security.paloaltonetworks.com/CVE-2026-0270","https://nvd.nist.gov/vuln/detail/CVE-2007-4559"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:46.251824Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"P","value_label":"Passive"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"},{"metric":"E","name":"E","value":"U","value_label":"Unchanged"},{"metric":"AU","name":"AU","value":"Y","value_label":"Y"},{"metric":"R","name":"R","value":"U","value_label":"Unchanged"},{"metric":"V","name":"V","value":"D","value_label":"D"},{"metric":"RE","name":"RE","value":"M","value_label":"M"},{"metric":"U","name":"U","value":"Amber","value_label":"Amber"}]},"affected":[{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"8.13","version_start_inclusive":true,"version_end":"8.13.0.11","version_end_inclusive":false,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:8.13:8.13.0.11"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"8.12.0","version_start_inclusive":true,"version_end":"8.12.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:8.12.0:8.12.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"8.11.0","version_start_inclusive":true,"version_end":"8.11.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:8.11.0:8.11.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"8.10.0","version_start_inclusive":true,"version_end":"8.10.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:8.10.0:8.10.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"6.14.0","version_start_inclusive":true,"version_end":"6.14.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:6.14.0:6.14.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"6.13.0","version_start_inclusive":true,"version_end":"6.13.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:6.13.0:6.13.0"},{"vendor_slug":"palo-alto-networks","vendor_name":"Palo Alto Networks","product_slug":"cortex-xsoar","product_name":"Cortex XSOAR","version_start":"6.12.0","version_start_inclusive":true,"version_end":"6.12.0","version_end_inclusive":true,"cpe23_uri":"cve5:palo-alto-networks:cortex-xsoar:6.12.0:6.12.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0270","source_type":"MISC","tags":[]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4559","source_type":"CONFIRM","tags":[]}],"timeline":[{"type":"published","at":"2026-06-10T20:59:00.350000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:21.811688Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:21.811688Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:21.811688Z","label":"CVSS score revised","source":"cvelistv5"}]}