SQLi in Trust Protection Foundation (TPF) enabling admin takeover
CVE-2026-0242 Published on May 13, 2026
Trust Protection Foundation: SQL Injection Vulnerability
A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.
Timeline
Initial publication.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2026-0242 has been classified as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2026-0242
Affected Versions
Palo Alto Networks Trust Protection Foundation:
- Version 25.3.0 and below 25.3.3 is affected.
- Version 25.1.0 and below 25.1.8 is affected.
- Version 24.3.0 and below 24.3.6 is affected.
- Version 24.1.0 and below 24.1.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.