{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81718?format=json","vulnerability_id":"VCID-zhpe-x7xz-hkad","summary":"An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. \nThe attacker must have network access to the Broker VM to exploit this issue.","aliases":[{"alias":"CVE-2026-0231"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0231","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05637","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0231"},{"reference_url":"https://security.paloaltonetworks.com/CVE-2026-0231","reference_id":"CVE-2026-0231","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-11T20:21:23Z/"}],"url":"https://security.paloaltonetworks.com/CVE-2026-0231"}],"weaknesses":[{"cwe_id":497,"name":"Exposure of Sensitive System Information to an Unauthorized Control Sphere","description":"The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does."}],"exploits":[],"severity_range_score":"5.7 - 5.7","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhpe-x7xz-hkad"}