{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0242", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:03.175Z", "datePublished": "2026-05-13T19:04:52.841Z", "dateUpdated": "2026-05-13T19:29:39.078Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T19:04:52.841Z"}, "title": "Trust Protection Foundation: SQL Injection Vulnerability", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Trust Protection Foundation", "versions": [{"status": "affected", "version": "25.3.0", "lessThan": "25.3.3", "changes": [{"at": "25.3.3", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "25.1.0", "lessThan": "25.1.8", "changes": [{"at": "25.1.8", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "24.3.0", "lessThan": "24.3.6", "changes": [{"at": "24.3.6", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "24.1.0", "lessThan": "24.1.13", "changes": [{"at": "24.1.13", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.3.3", "versionStartIncluding": "25.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.1.8", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "versionEndExcluding": "24.3.6", "versionStartIncluding": "24.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "versionEndExcluding": "24.1.13", "versionStartIncluding": "24.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0242", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "No special configuration is required to be affected by this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>No special configuration is required to be affected by this vulnerability.</p>"}]}], "solutions": [{"lang": "eng", "value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later.\nAll older versions Upgrade to a supported fixed version.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>&nbsp;Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>Trust Protection Foundation 25.3</td><td>&nbsp;<span>25.3.0 through 25.3.2</span></td><td>Upgrade to 25.3.3 or later.</td></tr><tr><td>Trust Protection Foundation 25.1</td><td>&nbsp;<span>25.1.0 through 25.1.7</span></td><td>Upgrade to 25.1.8 or later.</td></tr><tr><td>Trust Protection Foundation 24.3</td><td>&nbsp;<span>24.3.0 through 24.3.5</span></td><td>Upgrade to 24.3.6 or later.</td></tr><tr><td>Trust Protection Foundation 24.1</td><td>&nbsp;<span>24.1.0 through 24.1.12</span></td><td>Upgrade to 24.1.13 or later.</td></tr><tr><td>All older versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["Trust Protection Foundation 25.3.0", "Trust Protection Foundation 25.3.1", "Trust Protection Foundation 25.3.2", "Trust Protection Foundation 25.1.0", "Trust Protection Foundation 25.1.1", "Trust Protection Foundation 25.1.2", "Trust Protection Foundation 25.1.3", "Trust Protection Foundation 25.1.4", "Trust Protection Foundation 25.1.5", "Trust Protection Foundation 25.1.6", "Trust Protection Foundation 25.1.7", "Trust Protection Foundation 24.3.0", "Trust Protection Foundation 24.3.1", "Trust Protection Foundation 24.3.2", "Trust Protection Foundation 24.3.3", "Trust Protection Foundation 24.3.4", "Trust Protection Foundation 24.3.5", "Trust Protection Foundation 24.1.0", "Trust Protection Foundation 24.1.1", "Trust Protection Foundation 24.1.2", "Trust Protection Foundation 24.1.3", "Trust Protection Foundation 24.1.4", "Trust Protection Foundation 24.1.5", "Trust Protection Foundation 24.1.6", "Trust Protection Foundation 24.1.7", "Trust Protection Foundation 24.1.8", "Trust Protection Foundation 24.1.9", "Trust Protection Foundation 24.1.10", "Trust Protection Foundation 24.1.11", "Trust Protection Foundation 24.1.12"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T19:17:12.940083Z", "id": "CVE-2026-0242", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T19:29:39.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0242", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-13T19:17:12.940083Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T19:29:33.504Z"}}], "cna": {"title": "Trust Protection Foundation: SQL Injection Vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "other", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.1, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Trust Protection Foundation", "versions": [{"status": "affected", "changes": [{"at": "25.3.3", "status": "unaffected"}], "version": "25.3.0", "lessThan": "25.3.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "25.1.8", "status": "unaffected"}], "version": "25.1.0", "lessThan": "25.1.8", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "24.3.6", "status": "unaffected"}], "version": "24.3.0", "lessThan": "24.3.6", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "24.1.13", "status": "unaffected"}], "version": "24.1.0", "lessThan": "24.1.13", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-05-13T16:00:00.000Z", "value": "Initial publication."}], "solutions": [{"lang": "eng", "value": "Version Minor Version Suggested Solution\nTrust Protection Foundation 25.3 25.3.0 through 25.3.2 Upgrade to 25.3.3 or later.\nTrust Protection Foundation 25.1 25.1.0 through 25.1.7 Upgrade to 25.1.8 or later.\nTrust Protection Foundation 24.3 24.3.0 through 24.3.5 Upgrade to 24.3.6 or later.\nTrust Protection Foundation 24.1 24.1.0 through 24.1.12 Upgrade to 24.1.13 or later.\nAll older versions Upgrade to a supported fixed version.", "supportingMedia": [{"type": "text/html", "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>&nbsp;Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>Trust Protection Foundation 25.3</td><td>&nbsp;<span>25.3.0 through 25.3.2</span></td><td>Upgrade to 25.3.3 or later.</td></tr><tr><td>Trust Protection Foundation 25.1</td><td>&nbsp;<span>25.1.0 through 25.1.7</span></td><td>Upgrade to 25.1.8 or later.</td></tr><tr><td>Trust Protection Foundation 24.3</td><td>&nbsp;<span>24.3.0 through 24.3.5</span></td><td>Upgrade to 24.3.6 or later.</td></tr><tr><td>Trust Protection Foundation 24.1</td><td>&nbsp;<span>24.1.0 through 24.1.12</span></td><td>Upgrade to 24.1.13 or later.</td></tr><tr><td>All older versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr></tbody></table>", "base64": false}]}], "datePublic": "2026-05-13T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0242", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.", "supportingMedia": [{"type": "text/html", "value": "<p>A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "configurations": [{"lang": "eng", "value": "No special configuration is required to be affected by this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<p>No special configuration is required to be affected by this vulnerability.</p>", "base64": false}]}], "x_affectedList": ["Trust Protection Foundation 25.3.0", "Trust Protection Foundation 25.3.1", "Trust Protection Foundation 25.3.2", "Trust Protection Foundation 25.1.0", "Trust Protection Foundation 25.1.1", "Trust Protection Foundation 25.1.2", "Trust Protection Foundation 25.1.3", "Trust Protection Foundation 25.1.4", "Trust Protection Foundation 25.1.5", "Trust Protection Foundation 25.1.6", "Trust Protection Foundation 25.1.7", "Trust Protection Foundation 24.3.0", "Trust Protection Foundation 24.3.1", "Trust Protection Foundation 24.3.2", "Trust Protection Foundation 24.3.3", "Trust Protection Foundation 24.3.4", "Trust Protection Foundation 24.3.5", "Trust Protection Foundation 24.1.0", "Trust Protection Foundation 24.1.1", "Trust Protection Foundation 24.1.2", "Trust Protection Foundation 24.1.3", "Trust Protection Foundation 24.1.4", "Trust Protection Foundation 24.1.5", "Trust Protection Foundation 24.1.6", "Trust Protection Foundation 24.1.7", "Trust Protection Foundation 24.1.8", "Trust Protection Foundation 24.1.9", "Trust Protection Foundation 24.1.10", "Trust Protection Foundation 24.1.11", "Trust Protection Foundation 24.1.12"], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.3.3", "versionStartIncluding": "25.3.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.1.8", "versionStartIncluding": "25.1.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "24.3.6", "versionStartIncluding": "24.3.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:trust_protection_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "24.1.13", "versionStartIncluding": "24.1.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T19:04:52.841Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0242", "state": "PUBLISHED", "dateUpdated": "2026-05-13T19:29:39.078Z", "dateReserved": "2025-11-03T20:44:03.175Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-05-13T19:04:52.841Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform."}], "id": "CVE-2026-0242", "lastModified": "2026-05-13T19:16:58.130", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-13T19:16:58.130", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0242"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"created": "2026-05-13T20:30:04.255883+00:00", "updated": "2026-05-13T20:30:04.255899+00:00", "vendors": []}