Palo Alto Networks Family April 2026 Security Update Advisory

Overview.

Palo Alto Networks announced on 2026-04-08 a security update that resolved vulnerabilities in multiple products.
affected products include Cortex XSOAR Microsoft Teams Marketplace, Cortex XSIAM Microsoft Teams Marketplace, Prisma Browser, Autonomous Digital Experience Manager, and multiple versions of Cortex XDR Agent.

Key vulnerabilities and impacts addressed.

CVE-2026-0234 is a vulnerability due to improper encrypted signature verification during Microsoft Teams integration, which could allow unauthenticated users to access and modify protected resources, CVSS 9.2.
PAN-SA-2026-0004 is a vulnerability with a Chromium security fix that affects Prisma Browser and is rated CVSS 8.6.
CVE-2026-0233 is a vulnerability in Autonomous Digital Experience Manager that could allow arbitrary code execution and is rated CVSS 7.7.
CVE-2026-0232 is a vulnerability that could allow a local Windows administrator to disable the Cortex XDR agent and is rated CVSS 6.7.

Affected range and patch version.

the affected segments are specific low versions of the described products as follows: Cortex XSOAR/XSIAM Microsoft Teams Marketplace before 1.5.52, Prisma Browser before 145.16.12.110, Autonomous Digital Experience Manager before 5.10.14, and several older versions of Cortex XDR Agent and non-CU-2120 versions.
patched versions are available for Cortex XSOAR/XSIAM 1.5.52 or later, Prisma Browser 146.3.8.76 or later, Autonomous Digital Experience Manager 5.10.14 or later, and Cortex XDR Agent with CU-2120 or higher as noted.

Recommendations and references.

updates to the published patch versions are recommended for environments using these products.
for more technical information and individual vulnerability descriptions, please refer to Palo Alto Networks’ Security Advisory page.
reference links: https://security.paloaltonetworks.com/CVE-2026-0234, https://security.paloaltonetworks.com/PAN-SA-2026-0004, https://security.paloaltonetworks.com/CVE-2026-0233, https://security.paloaltonetworks.com/CVE-2026-0232.