// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE INT-34DTG 0600Z
ColdRecon / Competitor Intel / Palo Alto Networks
Endpoint Security Vendor

Palo Alto Networks

34 PUBLIC SECURITY EVENTS ON FILE · 2023-07-07 — 2026-06-01

Publicly-known security events concerning Palo Alto Networks — CVEs, advisories, and incidents drawn from open-source reporting. Every item links to its original source.

Category

What Palo Alto Networks sells

EDR is agent-based endpoint tooling that monitors process/file/network activity, detects malicious behavior, and enables response. It is detection-led by design: it observes and acts after code executes. Its efficacy depends on recognizing a threat, so novel/zero-day techniques are a window of exposure until detected.

SOURCE · ColdRecon Reference

Palo Alto Networks competes in the endpoint-security category. ColdRecon publishes only the factual public record below — no competitive analysis or positioning.

The Public Record

Recent security events

On file: 18 vuln disclosures · 12 research pocs · 4 incidents.

2026-06-01
vuln disclosure
Attackers Exploit Palo Alto Networks PAN-OS Management Interface Command Injection VulnerabilityCVE-2025-0110
A command injection vulnerability in the PAN-OS management web interface, tracked as CVE-2025-0110, is being actively exploited in the wild. The flaw allows unauthenticated attackers to execute commands with root privileges on the firewall. Initially rated medium severity, it was upgraded to critical after exploitation was observed.
2026-05-18
vuln disclosure
Pwn2Own Berlin 2024: 47 Zero-Days Disclosed Across Security ProductsPwn2Own Berlin 2024
At Pwn2Own Berlin 2024, security researchers disclosed 47 previously unknown zero-day vulnerabilities in various endpoint security and enterprise products. The event awarded $1.3 million in bounties, highlighting weaknesses in widely used security tools.
2026-05-13
vuln disclosure
CVE-2026-0247: Authorization Bypass in Prisma Access Agent Endpoint DLPCVE-2026-0247
Palo Alto Networks disclosed multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent. A local attacker with low privileges can bypass authentication to execute privileged operations, potentially compromising confidentiality, integrity, and availability of the endpoint. The issue affects versions prior to 26.2.1 on macOS and Windows.
2026-04-13
vuln disclosure
CVE-2026-0234: Cortex XSOAR/XSIAM Microsoft Teams Integration Authentication BypassCVE-2026-0234
CVE-2026-0234 is an authentication bypass vulnerability in Palo Alto Networks Cortex XSOAR and Cortex XSIAM platforms affecting the Microsoft Teams integration. The flaw allows unauthenticated attackers to bypass cryptographic signature verification and access or modify protected resources. This could compromise security orchestration workflows and sensitive incident response data.
2026-03-18
vuln disclosure
CVE-2026-0232: Local Administrator Can Disable Cortex XDR Agent on WindowsCVE-2026-0232
A vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows a local administrator to disable the agent. This could allow malware to operate without detection. The issue is fixed via Content Update 2120 and newer agent versions.
2026-03-17
research poc
Researchers Decrypt Palo Alto Cortex XDR BIOC Rules, Uncover Global Whitelist EvasionCortex XDR BIOC Rule Decryption and Global Whitelist Bypass
Researchers reverse-engineered Palo Alto Cortex XDR agent's encrypted BIOC rules, revealing hardcoded global whitelists that allowed attackers to bypass behavioral detections. By appending a specific string to command-line arguments, malicious actions like LSASS credential dumping could evade detection. Palo Alto patched the issue in agent version 9.1 and content update 2160.
2026-03-11
vuln disclosure
CVE-2026-0230: Local Administrator Can Disable Cortex XDR Agent on macOSCVE-2026-0230
A vulnerability in Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This could enable malware to operate without detection. The issue is fixed in specific agent versions.
2026-02-25
research poc
Cortex XDR Live Terminal Feature Abused for C2 CommunicationsCortex XDR Live Terminal C2 Abuse
Researchers disclosed that Palo Alto Networks Cortex XDR Live Terminal feature can be abused as a command-and-control channel. The trusted EDR agent component allows attackers to bypass detection by blending traffic with normal operations. Two methods were demonstrated: cross-tenant token reuse and a custom server exploiting a URL validation flaw.
2026-02-10
incident
Reynolds Ransomware Embeds Vulnerable Driver to Kill EDR Before EncryptionReynolds ransomware
Broadcom researchers disclosed Reynolds ransomware in February 2026, which embeds the vulnerable NsecSoft NSecKrnl driver (CVE-2025-68947) directly into its payload to terminate endpoint security processes before encrypting files. This single-binary approach eliminates the detection gap of traditional BYOVD attacks, making it harder for defenders to spot. The ransomware targets major EDR products including CrowdStrike Falcon, Cortex XDR, and others.
2025-10-18
research poc
ShellcodePack Pro EDR Evasion Tool Leaked on Cybercrime ForumShellcodePack Pro
A threat actor is distributing 'ShellcodePack Pro', a tool designed to execute malicious shellcode while evading detection by CrowdStrike and Cortex EDRs. The tool lowers the barrier for attackers by packaging sophisticated evasion techniques, and the distributor advises using 'kleenscan' instead of VirusTotal to avoid burning the methods. This poses a direct threat to organizations relying on these EDR platforms.
2025-09-02
incident
Palo Alto Networks Salesforce data breach via Salesloft Drift OAuth token compromiseSalesloft Drift OAuth token supply chain attack
Palo Alto Networks suffered a data breach after attackers used compromised OAuth tokens from the Salesloft Drift supply chain attack to access its Salesforce CRM. Exposed data includes business contact information, account records, and basic support case data, but no technical support files or attachments. The incident did not affect any Palo Alto Networks products, systems, or services.
2025-06-18
research poc
Red Team Evasion of Cortex XDR via COM Profiler Injection and AMSI BypassCortex XDR COM Profiler AMSI Bypass
A red team engagement demonstrated a multi-stage evasion chain against Cortex XDR, bypassing PowerShell execution policies, injecting a malicious .NET profiler via COM hooks, and disabling AMSI in memory without admin privileges. The attack went undetected by default Cortex XDR analytics, prompting a forensic report to the vendor and subsequent patching.
2025-05-24
research poc
LoaderGate: C# Shellcode Loader Bypasses Cortex XDR and Sophos EDRLoaderGate
A security researcher released LoaderGate, a C# shellcode loader designed to bypass Palo Alto Cortex XDR and Sophos EDR. The tool demonstrates a specific evasion technique and was published with a detailed blog post. It highlights a potential detection gap in these endpoint security products.
2025-05-14
vuln disclosure
CVE-2025-0134: Authenticated Code Injection in Cortex XDR Broker VMCVE-2025-0134
A code injection vulnerability in Palo Alto Networks Cortex XDR Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host OS. The issue affects Broker VM versions prior to 26.0.119 and has a CVSS-BT score of 2.6 (LOW). No exploitation has been observed in the wild.
2025-04-15
research poc
PatchedCLRLoader: .NET Assembly Loader with AMSI and ETW Patching BypassPatchedCLRLoader
A proof-of-concept tool named PatchedCLRLoader demonstrates loading .NET assemblies while bypassing AMSI and ETW by patching functions in clr.dll and ntdll.dll. It uses direct syscalls and RC4 encryption to evade detection, and was tested successfully against Cortex XDR, Sophos, MDE, and CrowdStrike. The technique specifically patches AmsiScanBuffer in clr.dll and NtTraceEvent to avoid newer Windows Defender protections.
2025-04-09
vuln disclosure
CVE-2025-0120: Palo Alto GlobalProtect App Local Privilege Escalation on WindowsCVE-2025-0120
A local privilege escalation vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows. A locally authenticated non-administrative user can escalate to NT AUTHORITY\SYSTEM by exploiting a privilege management flaw combined with a race condition. The vulnerability is rated MEDIUM severity and has no known in-the-wild exploitation.
2025-03-19
vuln disclosure
CVE-2025-0121: Cortex XDR Agent for Windows Null Pointer Dereference Allows Local Crash and Detection BypassCVE-2025-0121
A null pointer dereference vulnerability (CVE-2025-0121) in Palo Alto Networks Cortex XDR agent on Windows allows a low-privileged local user to crash the agent. Malware can exploit this to perform malicious activity without detection. The issue is fixed in agent versions 8.6.1, 8.5.2, and later hotfixes.
2025-02-12
vuln disclosure
CVE-2025-0112: Cortex XDR Agent on Windows Can Be Disabled by Local Non-Admin UserCVE-2025-0112
A vulnerability in the Cortex XDR agent on Windows allows a local non-administrative user to disable the agent. This could be exploited by malware to evade detection and perform malicious activity. Palo Alto Networks has released patches in versions 8.3.101-CE, 8.5.1, and 8.6.
2025-02-10
vuln disclosure
CVE-2024-5905: Minor Authentication Issue in Cortex XDR Windows DriverCVE-2024-5905
InfoGuard Labs analyzed the attack surface of EDR drivers from a low-privileged user perspective. They identified a minor authentication issue in the Windows driver of Palo Alto Cortex XDR, assigned CVE-2024-5905. The research also found a PPL bypass and detection bypass via early startup, and snapshot fuzzing of Sophos Intercept X mini-filter driver.
2025-02-07
research poc
Cortex EDR Ransomware Protection Bypass Proof of Concept ReleasedCortexRansomBypass
A proof-of-concept tool named CortexRansomBypass demonstrates a method to bypass Palo Alto Networks Cortex EDR ransomware protection. The repository includes C# code and links to a detailed blog post explaining the technique. This highlights a potential detection gap in Cortex's anti-ransomware capabilities.
2024-11-01
incident
Extortion Actor Tests EDR Bypass Tool Using BYOVD Against Cortex XDREDRSandBlast-based BYOVD bypass tool (disabler.exe)
During an extortion incident investigation, Unit 42 discovered a threat actor testing an AV/EDR bypass tool against Cortex XDR on a rogue virtual system. The tool, based on EDRSandBlast, uses a vulnerable driver to unhook user-mode and kernel-mode callbacks. The actor's testing inadvertently exposed their toolkit and led to identification of the seller on cybercrime forums.
2024-10-15
vuln disclosure
CVE-2024-9469: Palo Alto Cortex XDR Agent Disablement by Unprivileged Windows UserCVE-2024-9469
A vulnerability in the Palo Alto Networks Cortex XDR agent on Windows allows a non-administrative user to disable the agent. This could enable malware to operate undetected by removing endpoint monitoring. A patch is available.
2024-09-11
vuln disclosure
CVE-2024-8690: Cortex XDR Agent on Windows Can Be Disabled by Local AdministratorCVE-2024-8690
A vulnerability in the Palo Alto Networks Cortex XDR agent on Windows allows a user with local administrator privileges to disable the agent. This could enable malware to deactivate the security agent and then perform malicious actions undetected. The issue is fixed in agent version 8.2 and later.
2024-08-07
vuln disclosure
CVE-2024-5909: Palo Alto Cortex XDR Agent Local Privilege Management Vulnerability Allows Agent DisableCVE-2024-5909
A vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows a low-privileged local user to disable the agent. This could be exploited by malware to evade detection and perform malicious activity. Patches are available in versions 7.9.102+, 8.1.2+, and 8.2.1+.
2024-08-02
research poc
RustPatchlessCLRLoader: Patchless AMSI and ETW Bypass for .NET Assembly LoadingRustPatchlessCLRLoader
RustPatchlessCLRLoader is a proof-of-concept tool that loads .NET assemblies while bypassing AMSI and ETW using hardware breakpoints instead of memory patching. It was tested against several EDR products and successfully executed without detection, though behavioral detection may still trigger on malicious actions.
2024-07-10
vuln disclosure
CVE-2024-5912: Cortex XDR Agent Improper File Signature Verification Allows Executable Blocking BypassCVE-2024-5912
A vulnerability in Palo Alto Networks Cortex XDR agent allows attackers to bypass the agent's executable blocking capabilities due to improper file signature verification. This could enable execution of untrusted software without detection or blocking. The issue is fixed in agent versions 7.9.102-CE, 8.1.3, 8.2.2, and later.
2024-06-12
vuln disclosure
Two Vulnerabilities in Palo Alto Cortex XDR Agent Allow Local Privilege Escalation and Agent DisableCVE-2024-5907, CVE-2024-9469
Researchers disclosed two vulnerabilities in the Palo Alto Networks Cortex XDR agent on Windows. CVE-2024-5907 is a local privilege escalation via a race condition in support file generation that allows arbitrary folder deletion, potentially leading to SYSTEM privileges. CVE-2024-9469 allows a low-privileged user to disable the agent by manipulating CPU usage checks in the Adaptive Policy module.
2024-04-19
research poc
SafeBreach PoC Bypasses Cortex XDR Agent Protection Modules on WindowsSafeBreach Cortex XDR Bypass
SafeBreach researchers presented a proof-of-concept technique that bypasses protection modules in the Cortex XDR agent on Windows. The bypass requires administrative privileges and is detected and blocked by content update CU-1320 or later. Palo Alto Networks states this is not a product vulnerability and no malicious exploitation has been observed.
2024-04-19
research poc
Researcher weaponizes Palo Alto Cortex XDR via Lua file tamperingEvil XDR
A security researcher demonstrated a proof-of-concept attack turning Palo Alto Networks Cortex XDR into malware by bypassing its anti-tampering mechanism and modifying plaintext Lua rule files. This allowed loading a vulnerable driver, disabling protections, and deploying a reverse shell and ransomware. Palo Alto has fixed all but one of the associated weaknesses.
2024-01-12
vuln disclosure
Cortex EDR Temporary File Exposure Before EncryptionCortex EDR TFS Vulnerability
A vulnerability in Cortex EDR allows local attackers to access sensitive log files before they are encrypted by the TFS process. During support file generation, temporary unencrypted copies of files like trapsd.log, agset.json, and defaultprofile.json are briefly stored in C:\ProgramData\Cyvera\LocalSystem\, enabling data theft. This bypasses the intended encryption and password protection of the generated support ZIP file.
2023-10-18
vuln disclosure
CVE-2023-3282: Local Privilege Escalation in Cortex XSOAR Engine on LinuxCVE-2023-3282
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XSOAR engine software on Linux. An attacker with shell access to the engine can execute programs with elevated privileges. The issue is fixed in updated engine installers from Cortex XSOAR 6.10 build B250144 and later.
2023-08-25
incident
Threat Actor Uses Modified EDRsandblast Tool to Bypass Cortex XDR in Extortion CampaignEDRsandblast
Unit 42 investigated an extortion attack where a threat actor used a modified version of the open-source EDRsandblast tool, named disabler.exe, to bypass Cortex XDR via a BYOVD technique. The attacker inadvertently exposed their toolkit and identity by connecting rogue endpoints to the victim's network. The tool disabled EDR to allow execution of Mimikatz for credential dumping.
2023-07-07
research poc
WFP_EDR: Proof-of-Concept Tool Abuses Windows Filtering Platform to Block EDR Cloud CommunicationsWFP_EDR
A proof-of-concept tool named WFP_EDR was published on GitHub, demonstrating how to abuse the Windows Filtering Platform (WFP) to block endpoint detection and response (EDR) agents from communicating with their cloud backends. The tool requires local administrator privileges and can target specific EDR products like Cortex XDR and Windows Event Forwarding. It highlights a technique that could allow attackers to evade detection by severing the telemetry link between the endpoint and the security vendor.
Every event on this page is a record in ColdRecon's canonical set, drawn from public reporting and linked to its source above. ColdRecon monitors open-source signal only; it publishes no non-public or customer information.

Palo Alto Networks ships. Your prospect reads the headline. Do you?

ColdRecon turns this signal into one short daily brief, written from the seller's seat — what changed, why it matters to your deals, how to position. Request clearance and the first lands tomorrow at 0600.

Request Clearance →