8.8
CVE-2026-0233
- EPSS 0.18%
- Veröffentlicht 13.04.2026 07:17:34
- Zuletzt bearbeitet 07.07.2026 18:12:23
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
Autonomous Digital Experience Manager: Improper validation of ADEM certificate
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Autonomous Digital Experience Manager Version >= 5.10.0 < 5.10.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.072 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@paloaltonetworks.com | 2 | 0 | 0 |
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://security.paloaltonetworks.com/CVE-2026-0233