A recent study has uncovered a significant vulnerability in Palo Alto Networks’ Cortex XDR Live Terminal feature, which can be exploited to create command-and-control (C2) channels. This feature, embedded within a trusted endpoint detection and response (EDR) agent, typically evades detection by enterprise security systems, presenting a stealthy opportunity for attackers.
Understanding Cortex XDR’s Vulnerability
The Live Terminal function is a legitimate remote management tool, enabling security personnel to execute commands, run scripts, and manage processes remotely. Communication occurs through WebSocket connections to Palo Alto’s cloud infrastructure. Notably, the protocol lacks command signing, allowing attackers to intercept and reroute communications to a server they control without verification.
InfoGuard Labs discovered that the cortex-xdr-payload.exe, a client-side component, is trusted by the EDR engine. This allows any executed commands to bypass standard detection mechanisms. The research highlights two exploitation methods: a cross-tenant attack using an attacker’s Cortex tenant and a method involving a custom server mimicking WebSocket communication.
Exploitation Techniques
In the cross-tenant scenario, attackers generate a valid session token from their own Cortex tenant, which they then use to redirect the victim’s endpoint to their server. Alternatively, attackers can create a custom server that replicates the WebSocket communication protocol, enabling them to control endpoints with minimal development effort.
This vulnerability poses a severe risk to enterprises using Cortex XDR. Once attackers gain access, they can maintain control over compromised systems clandestinely. The network traffic produced mimics regular Cortex agent activity, often escaping TLS inspection, allowing attackers to move laterally and gather data undetected.
Technical Details and Recommendations
When launching a Live Terminal session, a WebSocket message from Palo Alto’s cloud instructs the agent to execute cortex-xdr-payload.exe with specific parameters. Upon decompiling this executable, researchers identified a flaw in how server addresses are validated, allowing malicious URLs to bypass security checks.
The cross-tenant attack involves intercepting session tokens before the victim’s system connects to the attacker’s tenant, granting full access via the official interface. The legitimate parent process for cortex-xdr-payload.exe is cyserver.exe, and any deviation should raise alarms.
Palo Alto Networks was informed of these issues in September 2025, with versions 8.7 to 8.9 reportedly including fixes. However, tests in February 2026 revealed the vulnerabilities persist. Security teams are advised to monitor process creation events and flag anomalies. Implementing mutual authentication and command signing within the protocol is crucial for prevention.
For continuous updates on this and other cybersecurity news, follow us on Google News, LinkedIn, and X, and set CSN as a preferred source on Google.
