{ "document" : { "aggregate_severity" : { "text" : "niedrig" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Palo Alto Cortex XDR ist eine integrierte Sicherheitsplattform, die Endpunkte, Netzwerke und Cloud-Daten analysiert, um Bedrohungen zu erkennen, zu verhindern und zu untersuchen.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein lokaler Angreifer kann eine Schwachstelle in Palo Alto Networks Cortex XDR Agent ausnutzen, um den Agenten zu deaktivieren, wodurch die Schutzmechanismen des Endgeräts effektiv umgangen werden und weitere böswillige Aktivitäten unbemerkt ausgeführt werden können.", "title" : "Angriff" }, { "category" : "general", "text" : "- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1019 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1019.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1019 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1019" }, { "category" : "external", "summary" : "Palo Alto Security Advisory vom 2026-04-08", "url" : "https://security.paloaltonetworks.com/CVE-2026-0232" } ], "source_lang" : "en-US", "title" : "Palo Alto Networks Cortex XDR Agent: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen", "tracking" : { "current_release_date" : "2026-04-08T22:00:00.000+00:00", "generator" : { "date" : "2026-04-09T10:09:13.863+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1019", "initial_release_date" : "2026-04-08T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-04-08T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<9.0.1", "product" : { "name" : "Palo Alto Networks Cortex XDR <9.0.1", "product_id" : "T052546" } }, { "category" : "product_version", "name" : "9.0.1", "product" : { "name" : "Palo Alto Networks Cortex XDR 9.0.1", "product_id" : "T052546-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:paloaltonetworks:cortex_xdr:9.0.1" } } }, { "category" : "product_version_range", "name" : "<8.9.1", "product" : { "name" : "Palo Alto Networks Cortex XDR <8.9.1", "product_id" : "T052547" } }, { "category" : "product_version", "name" : "8.9.1", "product" : { "name" : "Palo Alto Networks Cortex XDR 8.9.1", "product_id" : "T052547-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:paloaltonetworks:cortex_xdr:8.9.1" } } }, { "category" : "product_version_range", "name" : "<8.7.101-CE", "product" : { "name" : "Palo Alto Networks Cortex XDR <8.7.101-CE", "product_id" : "T052548" } }, { "category" : "product_version", "name" : "8.7.101-CE", "product" : { "name" : "Palo Alto Networks Cortex XDR 8.7.101-CE", "product_id" : "T052548-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:paloaltonetworks:cortex_xdr:8.7.101-ce" } } }, { "category" : "product_version_range", "name" : "<9.1.0", "product" : { "name" : "Palo Alto Networks Cortex XDR <9.1.0", "product_id" : "T052549" } }, { "category" : "product_version", "name" : "9.1.0", "product" : { "name" : "Palo Alto Networks Cortex XDR 9.1.0", "product_id" : "T052549-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:paloaltonetworks:cortex_xdr:9.1.0" } } }, { "category" : "product_version_range", "name" : "Content Update <2120", "product" : { "name" : "Palo Alto Networks Cortex XDR Content Update <2120", "product_id" : "T052550" } }, { "category" : "product_version", "name" : "Content Update 2120", "product" : { "name" : "Palo Alto Networks Cortex XDR Content Update 2120", "product_id" : "T052550-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:paloaltonetworks:cortex_xdr:content_update__2120" } } } ], "category" : "product_name", "name" : "Cortex XDR" } ], "category" : "vendor", "name" : "Palo Alto Networks" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-0232", "product_status" : { "known_affected" : [ "T052550", "T052548", "T052549", "T052546", "T052547" ] }, "release_date" : "2026-04-08T22:00:00.000+00:00", "title" : "CVE-2026-0232" } ] }