Authenticated Admin Injection in Palo Alto Broker VM
CVE-2026-0238 Published on May 13, 2026
Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields.
Timeline
Initial Publication.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-0238
Want to know whenever a new CVE is published for Palo Alto Networks Broker Vm? stack.watch will email you.
Affected Versions
Palo Alto Networks Broker VM:- Version 30.0 and below 30.0.24 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.