Cortex XDR Agent Admin Bypass: Local Admin Can Disable Agent Protection
CVE-2026-0232 Published on April 13, 2026
Cortex XDR Agent: Local Administrator can disable the agent on Windows
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
Timeline
Initial publication.
Weakness Type
External Control of System or Configuration Setting
One or more system settings or configuration elements can be externally controlled by a user. Allowing external control of system settings can disrupt service or cause an application to behave in unexpected and potentially malicious ways.
Products Associated with CVE-2026-0232
Affected Versions
Palo Alto Networks Cortex XDR Agent:
- Version 9.1.0 and below 5.10.14 is unaffected.
- Version 9.0 is unaffected.
- Version 8.9 is unaffected.
- Version 8.7-CE is unaffected.
- Version 9.0 and below 9.0.1 is affected.
- Version 8.9 and below 8.9.1 is affected.
- Version 8.7-CE and below 8.7.101-CE is affected.
- Version 8.3-CE and below 8.3-CE-CU-2120 is affected.
- Version 7.9-CE and below 7.9-CE-CU-2120 is affected.