Cortex XDR Agent: Local Administrator can disable the agent on Windows

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.

Affected Products

Vendor	Product	Versions
palo alto	cortex xdr agent	9.0, 8.9, 8.7-CE, 8.3-CE, 7.9-CE

References

https://security.paloaltonetworks.com/CVE-2026-0232(vendor-advisory)

Related News (4 articles)

Tier C

VulDB23d ago

CVE-2026-0232 | Palo Alto Cortex XDR Agent up to 5.10.13/8.8/8.9.0/9.0.0 on Windows external control of setting

→ No new info (linked only)

Tier B

BSI Advisories27d ago

[NEU] [niedrig] Palo Alto Networks Cortex XDR Agent: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

→ No new info (linked only)

Tier B

CERT-FR28d ago

Multiples vulnérabilités dans les produits Palo Alto Networks (09 avril 2026)

→ No new info (linked only)

Tier B

CCCS Canada28d ago

Palo Alto Networks security advisory (AV26-331)

Cortex XDR Agent: Local Administrator can disable the agent on Windows

Description

Affected Products

References

Related News (4 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History