Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-0238— Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields

EPSS 0.03% · P8
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-0238

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Palo Alto Networks Broker VM 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Palo Alto Networks Broker VM是美国派拓网络(Palo Alto Networks)公司的一个云安全代理虚拟机组件。 Palo Alto Networks Broker VM存在输入验证错误漏洞,该漏洞源于允许认证管理员向某些Broker VM字段注入任意内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Palo Alto NetworksBroker VM 30.0 ~ 30.0.24 -

II. Public POCs for CVE-2026-0238

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-0238

登录查看更多情报信息。

Same Patch Batch · Palo Alto Networks · 2026-05-13 · 26 CVEs total

CVE-2026-0256PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
CVE-2026-0242Trust Protection Foundation: SQL Injection Vulnerability
CVE-2026-0258PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching
CVE-2026-0245Prisma Access Agent: Information Disclosure Vulnerabilities
CVE-2026-0259WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire App
CVE-2026-0236Prisma Browser: Code Injection Enables Security Controls Bypass
CVE-2026-0241Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities
CVE-2026-0261PAN-OS: Authenticated Admin Command Injection Vulnerability
CVE-2026-0265PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
CVE-2026-0243Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet
CVE-2026-0262PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing
CVE-2026-0237Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass
CVE-2026-0247Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities
CVE-2026-0250GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway
CVE-2026-0264PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remo
CVE-2026-0235Prisma Browser: Access and Data Rule Bypass
CVE-2026-0251GlobalProtect App: Local Privilege Escalation Vulnerabilities
CVE-2026-0249GlobalProtect App: Certificate Validation Bypass Vulnerabilities
CVE-2026-0240Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
CVE-2026-0244Prisma SD-WAN: Improper Certificate Validation Vulnerability

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Palo Alto Networks
Same weakness: CWE-20

V. Comments for CVE-2026-0238

No comments yet

Leave a comment