
Palo Alto Networks Patches Cortex XDR and Prisma Browser Vulnerabilities

Updated April 8, 2026 at 10:01 PM (6 sources)

Palo Alto Networks published security advisories addressing multiple vulnerabilities affecting Cortex XDR components and Prisma Browser, including CVE-2026-0230 (macOS Cortex XDR Agent can be disabled by a local administrator) and CVE-2026-0231 (Cortex XDR Broker VM information disclosure). For CVE-2026-0230, Palo Alto Networks reported a protection-mechanism issue on macOS that could allow malware to operate without detection if a local admin disables the agent; affected versions include Cortex XDR Agent 8.7-CE prior to 8.7.101-CE and 8.3-CE prior to 8.3.102-CE on macOS, with Palo Alto Networks stating it is not aware of in-the-wild exploitation. For CVE-2026-0231, an authenticated user with network access to the Broker VM could obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and changing configuration settings; the issue affects Cortex XDR Broker VM 30.0.0 prior to 30.0.49, and Palo Alto Networks stated there are no workarounds and that upgrading is required.

Palo Alto Networks also released PAN-SA-2026-0003, incorporating upstream Chromium security fixes into Prisma Browser and listing multiple Chromium CVEs (including CVE-2026-2314, CVE-2026-2321, and CVE-2026-2441); Prisma Browser versions prior to 145.7.9.76 are affected and should be updated. The Canadian Centre for Cyber Security echoed these Palo Alto Networks advisories and urged organizations to apply the necessary updates and mitigations. A separate Canadian advisory covered Splunk product vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and multiple AppDynamics agents, but it is unrelated to the Palo Alto Networks Cortex/Prisma issues.
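The version boundaries above can be checked against an asset inventory. The following is an added example, not code from Palo Alto Networks or from this page; the product labels, hostnames and inventory rows are constructed, and it assumes versions are recorded as dotted numbers with an optional `-CE` suffix. Anything outside the branches named in the summary is reported as `check-advisory` rather than guessed.

```python
import re

# (product label, branch prefix, required suffix, advisory, first fixed version)
# Boundaries come from the summary above; product labels are this example's own.
RULES = [
    ("cortex-xdr-agent-macos", (8, 7), "-CE", "CVE-2026-0230", (8, 7, 101)),
    ("cortex-xdr-agent-macos", (8, 3), "-CE", "CVE-2026-0230", (8, 3, 102)),
    ("cortex-xdr-broker-vm", (30, 0), "", "CVE-2026-0231", (30, 0, 49)),
    ("prisma-browser", (), "", "PAN-SA-2026-0003", (145, 7, 9, 76)),
]

def parse_version(text):
    """Split '8.7.100-CE' into ((8, 7, 100), '-CE'); reject other shapes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)+)(-CE)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) or ""

def triage(product, version_text):
    """Return (status, advisory); status is 'affected', 'fixed' or 'check-advisory'."""
    nums, suffix = parse_version(version_text)
    for name, branch, want_suffix, advisory, fixed in RULES:
        if name == product and suffix == want_suffix and nums[:len(branch)] == branch:
            # Tuple comparison orders versions component by component.
            return ("affected" if nums < fixed else "fixed"), advisory
    # Product or branch not covered by the summary: defer to the vendor advisory.
    return "check-advisory", None

# Constructed inventory rows: (hostname, product label, installed version).
INVENTORY = [
    ("mac-lab-01", "cortex-xdr-agent-macos", "8.7.100-CE"),
    ("mac-lab-02", "cortex-xdr-agent-macos", "8.3.102-CE"),
    ("mac-lab-03", "cortex-xdr-agent-macos", "8.9.0"),
    ("broker-01", "cortex-xdr-broker-vm", "30.0.48"),
    ("kiosk-07", "prisma-browser", "145.7.9.76"),
    ("win-ws-12", "cortex-xdr-agent-windows", "8.7.100-CE"),
]

def report(rows=INVENTORY):
    """Triage every inventory row and return (host, product, status, advisory)."""
    return [(host, product, *triage(product, ver)) for host, product, ver in rows]

if __name__ == "__main__":
    for row in report():
        print(*row, sep="\t")
```

The Windows agent row lands in `check-advisory` because the summary gives no version range for CVE-2026-0232.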

Timeline

  1. Apr 8, 2026

    Canadian Centre for Cyber Security issues alert on April 8 Palo Alto advisories

    On 2026-04-08, the Canadian Centre for Cyber Security published alert AV26-331 summarizing Palo Alto Networks' April 8 advisories affecting Cortex XDR Agent, Cortex XSOAR Microsoft Teams Marketplace, Cortex XSIAM Microsoft Teams Marketplace, Autonomous Digital Experience Manager, and Prisma Browser. The alert highlighted CVE-2026-0232, CVE-2026-0233, CVE-2026-0234, and the April 2026 Chromium update, and urged organizations to review mitigations and apply updates.

  2. Apr 8, 2026

    Palo Alto Networks publishes advisory for CVE-2026-0232 in Cortex XDR Agent

    On 2026-04-08, Palo Alto Networks published a security advisory for CVE-2026-0232, a vulnerability in Cortex XDR Agent that allows a local administrator to disable the agent on Windows. The advisory represents a new disclosure separate from the March 11 Cortex XDR and Prisma Browser advisories.

  3. Mar 12, 2026

    Canadian Centre for Cyber Security issues alert on Palo Alto advisories

    On 2026-03-12, the Canadian Centre for Cyber Security published alert AV26-228 summarizing Palo Alto Networks' March 11 advisories and recommending that organizations review the notices, apply mitigations, and update to remediated versions.

  4. Mar 11, 2026

    Palo Alto Networks publishes advisories for Cortex XDR and Prisma Browser flaws

    On 2026-03-11, Palo Alto Networks published multiple security advisories covering CVE-2026-0230, a macOS issue allowing a local administrator to disable the Cortex XDR Agent; CVE-2026-0231, a sensitive information disclosure vulnerability in Cortex XDR Broker VM; and PAN-SA-2026-0003, the March 2026 Chromium vulnerability update affecting Prisma Browser. The advisories identified affected version ranges and stated that fixed versions were available.


Related Stories

Palo Alto Networks PAN-OS and Prisma Browser Vulnerabilities Disclosed

Palo Alto Networks disclosed a denial-of-service (DoS) vulnerability, identified as CVE-2025-4619, affecting PAN-OS software on PA-Series, VM-Series, CN-Series firewalls, and Prisma Access. This vulnerability allows an unauthenticated attacker to reboot a firewall by sending specially crafted packets through the data plane, potentially causing the device to enter maintenance mode if exploited repeatedly. The company has detailed affected and unaffected PAN-OS versions and confirmed that Cloud NGFW is not impacted. Prisma Access customers have largely been upgraded, with remaining updates scheduled. Additionally, Palo Alto Networks released its November 2025 monthly vulnerability update for Chromium and Prisma Browser, addressing multiple CVEs, including several Chromium vulnerabilities and three specific to Prisma Browser (CVE-2025-4616, CVE-2025-4617, CVE-2025-4618). The Canadian Centre for Cyber Security issued an advisory summarizing these disclosures and urging administrators to review the advisories, apply mitigations, and update affected products to secure their environments against these vulnerabilities.

1 month ago

Palo Alto PAN-OS Vulnerabilities Including ADNS DoS (CVE-2026-0229)

Palo Alto Networks published fixes for multiple **PAN-OS** vulnerabilities affecting supported releases (including PAN-OS 12.1, 11.2, 11.1, and 10.2) and related services such as *Prisma Access* and *Prisma Browser*. The Canadian Centre for Cyber Security amplified the vendor guidance, pointing organizations to apply updates and mitigations for PAN-OS and Prisma products, including **CVE-2026-0228** and **CVE-2026-0229**, and a separate Chromium monthly update advisory referenced by Palo Alto. **CVE-2026-0229** is a network-reachable denial-of-service condition in PAN-OS’s **Advanced DNS Security (ADNS)** feature that can allow an unauthenticated attacker to trigger system reboots with a maliciously crafted packet; repeated triggering can push a firewall into maintenance mode, creating a high availability impact. Exposure requires ADNS to be enabled and a spyware profile action set to `block`, `sinkhole`, or `alert` (i.e., not `allow`); Palo Alto stated *Cloud NGFW* and *Prisma Access* are not impacted by this specific issue and reported no known exploitation. **CVE-2026-0228** involves improper certificate validation that can allow Windows Terminal Server Agents to connect using expired certificates under certain configurations, with no workaround noted by the vendor; affected organizations are advised to upgrade to fixed PAN-OS versions per Palo Alto’s guidance.

1 month ago

Denial-of-Service Vulnerabilities Disrupting Network Perimeter and Wi‑Fi Infrastructure

A **DoS vulnerability in Palo Alto Networks PAN-OS** tracked as **CVE-2024-3393** was reported as **actively exploited in the wild**, allowing **unauthenticated remote attackers** to send specially crafted **DNS** packets that can force affected firewalls to **reboot** and, with repeated triggering, potentially enter **maintenance mode**, effectively disabling perimeter enforcement. Reported impact is tied to the **data plane** when **DNS Security** is enabled and **DNS Security logging** is active, and it may affect multiple form factors (including PA-Series, VM-Series, CN-Series, and Prisma Access) where the DNS Security license is applied; advisories urge rapid patching/mitigation due to the risk of losing network security controls. Separately, researchers disclosed a **Broadcom chipset software flaw** affecting at least the **ASUS RT-BE86U** that enables an **unauthenticated, in-range attacker on 5 GHz Wi‑Fi** to send a single malformed frame that **immediately disconnects clients**, requiring a **manual router reset**; the issue was found via fuzzing, fixed by Broadcom, and addressed by ASUS in updated firmware (reported fixed in `3.0.0.6.102_37841`, affecting `3.0.0.6.102_37612` and older). A Palo Alto Networks advisory on a **Chromium monthly vulnerability update** lists multiple Chromium CVEs incorporated into Palo Alto products, but it is not directly related to the PAN-OS DNS DoS exploitation or the Broadcom/ASUS Wi‑Fi DoS issue.

1 month ago
