SecurityWeek, archived Apr 09, 2026
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

The bugs could allow attackers to modify protected resources and escalate their privileges to administrator.
Palo Alto Networks and SonicWall have separately announced patches for multiple vulnerabilities across their products, including two high-severity bugs.
Palo Alto Networks patched three flaws and rolled out third-party fixes for Cortex platforms, ADEM for Windows, PAN-OS, and products using a Chromium-based browser.
The most severe of these security defects is CVE-2026-0234, an improper verification of cryptographic signature issue in the Microsoft Teams integration of the Cortex XSOAR and Cortex XSIAM platforms.
Successful exploitation of the weakness allows attackers to access and tamper with protected resources, the company says.
Patches were also released for medium-severity vulnerabilities in Autonomous Digital Experience Manager on Windows and Cortex XDR agent on Windows that could allow attackers to execute arbitrary code or disable the XDR agent.
Additionally, the company incorporated nearly three dozen Chromium security fixes into its products and released fixes for multiple open source software CVEs impacting its products.
Palo Alto Networks says it is not aware of any of these security defects being exploited in the wild.
Additional information can be found on the company’s security advisories page.
SonicWall rolled out patches for four vulnerabilities in the SMA1000 series firewalls, including a high-severity SQL injection bug tracked as CVE-2026-4112.
Successful exploitation of this flaw, the company notes in its advisory, could allow attackers with read-only administrator privileges to obtain primary admin rights.
The remaining three issues patched this week could allow remote attackers to enumerate SSL VPN user credentials or bypass TOTP authentication.
SonicWall says it has no evidence that these vulnerabilities have been exploited in the wild, but urges users to update their SMA1000 series appliances as soon as possible.
WRITTEN BY
Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.