SecurityWeek

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities


Palo Alto Networks and SonicWall have separately announced patches for multiple vulnerabilities across their products, including two high-severity bugs.

Palo Alto Networks patched three flaws and rolled out third-party fixes for Cortex platforms, ADEM for Windows, PAN-OS, and products using a Chromium-based browser.

The most severe of these security defects is CVE-2026-0234, an improper cryptographic signature verification issue in the Microsoft Teams integration of the Cortex XSOAR and Cortex XSIAM platforms.

Successful exploitation of the weakness allows attackers to access and tamper with protected resources, the company says.

Patches were also released for medium-severity vulnerabilities in Autonomous Digital Experience Manager on Windows and Cortex XDR agent on Windows that could allow attackers to execute arbitrary code or disable the XDR agent.

Additionally, the company incorporated nearly three dozen Chromium security fixes into its products and released fixes for multiple open source software CVEs impacting its products.

Palo Alto Networks says it is not aware of any of these security defects being exploited in the wild. 

Additional information can be found on the company’s security advisories page.

SonicWall rolled out patches for four vulnerabilities in the SMA1000 series firewalls, including a high-severity SQL injection bug tracked as CVE-2026-4112.

Successful exploitation of this flaw, the company notes in its advisory, could allow attackers with read-only administrator privileges to obtain primary admin rights.

The remaining three issues patched this week could allow remote attackers to enumerate SSL VPN user credentials or bypass TOTP authentication.

SonicWall says it has no evidence that these vulnerabilities have been exploited in the wild, but urges users to update their SMA1000 series appliances as soon as possible.
