CVE-2026-0233

Severity CVSS v4.0:

LOW

Type:

CWE-295 Improper Certificate Validation

Publication date:

13/04/2026

Last modified:

13/04/2026

Description

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.

Impact

Vector 4.0

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green CVSS v4.0 Severity and Metrics:

Base Score: 2.00 LOW
Vector: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Green

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Automatable (AU): No
Recovery (R): User
Value Density (V): Diffuse
Vulnerability Response Effort (RE): Moderate
Provider Urgency (U): Green
Exploit Maturity (E): Unreported

Base Score 4.0

2.00

Severity 4.0

LOW

References to Advisories, Solutions, and Tools

https://security.paloaltonetworks.com/CVE-2026-0233