CVE Daily
← All tags

Tag: Palo Alto Networks Cortex XDR agent

All CVEs associated with "Palo Alto Networks Cortex XDR agent". Page 1/1 • 32 CVEs.

About “Palo Alto Networks Cortex XDR agent”

A curated feed of “Palo Alto Networks Cortex XDR agent”-related CVEs appears below. We currently track 32 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 6.0 (all time; 4.3 over 365d), and 19% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-15 - External Control of System or Configuration Setting, CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere, CWE-754 - Improper Check for Unusual or Exceptional Conditions.

In our taxonomy this topic maps to a LOW impact class. Endpoint security agents run with high privilege. Patch agents, validate policies, enforce tamper protection, and monitor rollout health. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: cortex-xdr

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
9.1- Soon
9.0- Soon
8.9- Expired
8.8- Expired
8.7- Expired
7.9.103-ce-
8.6- Expired
8.5- Expired
8.3-ce- Expired
8.4- Expired
8.3- Expired
8.2- Expired
8.1- Expired
7.9-ce- ExpiredLTS
8.0- Expired
7.9- Expired
7.8- Expired
7.7- Expired
7.5-ce- ExpiredLTS
7.6- Expired
7.5- Expired
7.4- Expired
7.3- Expired
7.2- Expired
7.1- Expired
7.0- Expired
6.1- Expired
6.0- Expired
4.2- Expired
5.0- Expired
4.1- Expired
4.0- Expired
3.4- Expired
3.3- Expired
3.2- Expired
3.1- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Palo Alto Networks Cortex XDR agent”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-04-13
Medium

CVE-2026-0232

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perfor…

CVSS: 4.0 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
2026-03-11
Medium

CVE-2026-0231

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cor…

CVSS: 5.7 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
Medium

CVE-2026-0230

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malici…

CVSS: 4.0 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2025-09-12
Low

CVE-2025-4234

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by loca…

CVSS: 2.4 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2025-08-13
Medium

CVE-2025-2184

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default cr…

CVSS: 5.3 CWE: CWE-1392 - Use of Default Credentials View on NVD
2025-05-14
Medium

CVE-2025-0134

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker…

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2025-0132

A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.  The attacker must have netwo…

CVSS: 6.9 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-04-11
Medium

CVE-2025-0119

A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system runni…

CVSS: 6.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2025-0121

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use th…

CVSS: 6.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-02-20
Medium

CVE-2025-0112

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability c…

CVSS: 6.8 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2025-02-12
Medium

CVE-2025-0113

A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This m…

CVSS: 5.3 CWE: CWE-424 - Improper Protection of Alternate Path View on NVD
2024-10-09
Medium

CVE-2024-9469

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be le…

CVSS: 5.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2024-09-11
Medium

CVE-2024-8690

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverag…

CVSS: 4.4 CWE: CWE-440 - Expected Behavior Violation View on NVD
2024-07-10
Medium

CVE-2024-5912

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the de…

CVSS: 6.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2024-06-12
Medium

CVE-2024-5909

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by mal…

CVSS: 5.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-5907

A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does requ…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2024-5905

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, the…

CVSS: 4.4 CWE: CWE-346 - Origin Validation Error View on NVD
2023-09-13
Medium

CVE-2023-3280

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2023-02-08
Medium

CVE-2023-0002

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

CVSS: 5.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2023-0001

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, whic…

CVSS: 6.0 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2022-09-14
Medium

CVE-2022-0029

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2022-05-11
Medium

CVE-2022-0026

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows…

CVSS: 6.7 CWE: CWE-282 - Improper Ownership Management View on NVD
Medium

CVE-2022-0025

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2022-01-12
High

CVE-2022-0015

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue imp…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2022-0014

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to stor…

CVSS: 6.7 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2022-0013

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privilege…

CVSS: 5.0 CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory View on NVD
Medium

CVE-2022-0012

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impa…

CVSS: 6.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2021-07-15
High

CVE-2021-3042

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-06-10
High

CVE-2021-3041

A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM priv…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-12-09
High

CVE-2020-2049

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privil…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2020-2020

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents t…

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2020-04-08
High

CVE-2020-1991

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks…

CVSS: 7.8 CWE: CWE-377 - Insecure Temporary File View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox