Vulnerabilities | Apr 9, 2026

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall patch high-severity bugs in Cortex, PAN-OS, and SMA1000 firewalls.

Summary

Palo Alto Networks patched three vulnerabilities including CVE-2026-0234, a cryptographic signature verification flaw in Cortex XSOAR and XSIAM that allows attackers to tamper with protected resources and escalate privileges. SonicWall released patches for four vulnerabilities in SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection bug enabling privilege escalation. Neither vendor has reported active exploitation in the wild.

Full text

Palo Alto Networks and SonicWall have separately announced patches for multiple vulnerabilities across their products, including two high-severity bugs.

Palo Alto Networks patched three flaws and rolled out third-party fixes for Cortex platforms, ADEM for Windows, PAN-OS, and products using a Chromium-based browser. The most severe of these security defects is CVE-2026-0234, an improper verification of a cryptographic signature issue in the Cortex XSOAR and Cortex XSIAM platforms’ integration of Microsoft Teams. Successful exploitation of the weakness allows attackers to access and tamper with protected resources, the company says.

Patches were also released for medium-severity vulnerabilities in Autonomous Digital Experience Manager on Windows and Cortex XDR agent on Windows that could allow attackers to execute arbitrary code or disable the XDR agent. Additionally, the company incorporated nearly three dozen Chromium security fixes into its products and released fixes for multiple open source software CVEs impacting its products.

Palo Alto Networks says it is not aware of any of these security defects being exploited in the wild. Additional information can be found on the company’s security advisories page.

SonicWall rolled out patches for four vulnerabilities in the SMA1000 series firewalls, including a high-severity SQL injection bug tracked as CVE-2026-4112. Successful exploitation of this flaw, the company notes in its advisory, could allow attackers with read-only administrator privileges to obtain primary admin rights.

The remaining three issues patched this week could allow remote attackers to enumerate SSL VPN user credentials or bypass TOTP authentication. SonicWall says it has no evidence that these vulnerabilities have been exploited in the wild, but urges users to update their SMA1000 series appliances as soon as possible.
Written By Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.

Indicators of Compromise

  • cve — CVE-2026-0234
  • cve — CVE-2026-4112

Entities

  • Palo Alto Networks (vendor)
  • SonicWall (vendor)
  • Cortex XSOAR (product)
  • Cortex XSIAM (product)
  • PAN-OS (product)
  • SMA1000 (product)