Local Admin Can Disable Palo Alto Cortex XDR on macOS
CVE-2026-0230 Published on March 11, 2026
Cortex XDR Agent: Local Administrator can disable the agent on macOS
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.
Timeline
Initial publication.
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2026-0230
Want to know whenever a new CVE is published for Palo Alto Networks Cortex Xdr Agent? stack.watch will email you.
Affected Versions
Palo Alto Networks Cortex XDR Agent:- Version 9.1.0 is unaffected.
- Version 9.0.0 is unaffected.
- Version 8.9.0 is unaffected.
- Version 8.7-CE and below 8.7.101-CE is affected.
- Version 8.3-CE and below 8.3.102-CE is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.