CVE-2026-0274
CVE-2026-0274 is a high-severity vulnerability with a CVSS 4.0 base score of 8.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1390.
Key facts
- Severity: High (CVSS 4.0 base score 8.1)
- EPSS exploit prediction: 0% (23rd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-36150
- Weakness: CWE-1390
- Published:
- Last modified:
Description
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
Frequently asked questions
- What is CVE-2026-0274?
- An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
- How severe is CVE-2026-0274?
- CVE-2026-0274 has a CVSS 4.0 base score of 8.1, rated high severity.
- Is CVE-2026-0274 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (23rd percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-0274?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-0274 have an EU (EUVD) identifier?
- Yes. CVE-2026-0274 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-36150.
- When was CVE-2026-0274 published?
- CVE-2026-0274 was published on 2026-06-10 and last updated on 2026-06-17.
References
Other CWE-1390 vulnerabilities
- CVE-2025-30412 — Critical (CVSS 10.0): Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis…
- CVE-2025-30411 — Critical (CVSS 10.0): Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis…
- CVE-2026-6886 — Critical (CVSS 9.8): Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass…
- CVE-2026-28710 — Critical (CVSS 9.8): Sensitive information disclosure and manipulation due to improper authentication. The following products are affected:…
- CVE-2025-40554 — Critical (CVSS 9.8): SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited,…
- CVE-2025-40552 — Critical (CVSS 9.8): SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would…