VYPR
← All advisories
High severityNVD Advisory· Published Jun 10, 2026

CVE-2026-0274

CVE-2026-0274

Description

Improper credential validation in CommvaultSecurityIQ integration for Cortex XSOAR/XSIAM allows unauthenticated attackers to access/modify protected resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper credential validation in CommvaultSecurityIQ integration for Cortex XSOAR/XSIAM allows unauthenticated attackers to access/modify protected resources.

Vulnerability

An improper validation of credentials vulnerability exists in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM. This issue affects versions 1.1.0 through 1.1.9 of the CommvaultSecurityIQ Marketplace integration for both Cortex XSOAR and Cortex XSIAM. No special configuration is required for the vulnerability to be exposed [1].

Exploitation

An unauthenticated attacker can exploit this vulnerability by leveraging the network attack vector. No user interaction, special privileges, or specific attack requirements are needed. The vulnerability is exploitable remotely and is automatable [1].

Impact

Successful exploitation allows an unauthenticated attacker to access and modify protected resources. This leads to a high impact on product confidentiality, integrity, and availability [1].

Mitigation

CommvaultSecurityIQ Marketplace versions 1.2.0 and later contain a fix for this vulnerability. Users are advised to upgrade to version 1.2.0 or later for both Cortex XSOAR and Cortex XSIAM. No known workarounds exist [1].

References
  1. CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

1