TPF CVE-2026-0240: Authenticated InfoDisclosure & PrivEsc via Vault
CVE-2026-0240 Published on May 13, 2026
Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
Timeline
Initial publication.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2026-0240
Affected Versions
Palo Alto Networks Trust Protection Foundation:
- Versions from 25.3.0 up to, but not including, 25.3.3 are affected.
- Versions from 25.1.0 up to, but not including, 25.1.8 are affected.
- Versions from 24.3.0 up to, but not including, 24.3.6 are affected.
- Versions from 24.1.0 up to, but not including, 24.1.13 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.