CVE-2026-0276: CWE-269 — Improper Privilege Management in Palo Alto Networks Cortex XDR Broker VM
CVE-2026-0276 is a privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM version 20.0.96. It allows a locally authenticated user to perform actions with root privileges. The vulnerability is classified under improper privilege management (CWE-269). The CVSS 4.0 base score is 1.1, indicating a low severity level. No official patch or remediation guidance has been provided yet by the vendor. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability in Palo Alto Networks Cortex XDR Broker VM (version 20.0.96) involves improper privilege management, enabling a locally authenticated user to escalate their privileges to root. The CVSS 4.0 vector indicates low attack complexity and privileges required, but the overall impact is limited, reflected by the low CVSS score of 1.1. No vendor advisory or patch is currently available, and no known exploitation has been reported.
Potential Impact
A locally authenticated user can gain root-level privileges on the affected Cortex XDR Broker VM version 20.0.96. This could allow unauthorized actions at the highest privilege level on the system. However, the low CVSS score and absence of known exploits suggest limited immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for unusual privilege escalation attempts.
CVE-2026-0276: CWE-269 — Improper Privilege Management in Palo Alto Networks Cortex XDR Broker VM
Description
CVE-2026-0276 is a privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM version 20.0.96. It allows a locally authenticated user to perform actions with root privileges. The vulnerability is classified under improper privilege management (CWE-269). The CVSS 4.0 base score is 1.1, indicating a low severity level. No official patch or remediation guidance has been provided yet by the vendor. There are no known exploits in the wild at this time.
CVSS v4.0
Score 1.1low
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Palo Alto Networks Cortex XDR Broker VM (version 20.0.96) involves improper privilege management, enabling a locally authenticated user to escalate their privileges to root. The CVSS 4.0 vector indicates low attack complexity and privileges required, but the overall impact is limited, reflected by the low CVSS score of 1.1. No vendor advisory or patch is currently available, and no known exploitation has been reported.
Potential Impact
A locally authenticated user can gain root-level privileges on the affected Cortex XDR Broker VM version 20.0.96. This could allow unauthorized actions at the highest privilege level on the system. However, the low CVSS score and absence of known exploits suggest limited immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for unusual privilege escalation attempts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- palo_alto
- Date Reserved
- 2025-11-03T20:44:35.481Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4ffe7a68715ace43fdfbc4
Added to database: 07/09/2026, 20:03:06 UTC
Last enriched: 07/09/2026, 20:17:51 UTC
Last updated: 07/09/2026, 20:50:38 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.