Search

Find a vulnerability

Search criteria

    424 vulnerabilities

    CVE-2026-0275 (GCVE-0-2026-0275)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:19 – Updated: 2026-07-10 03:55
    VLAI
    Title
    Prisma Browser: Local Privilege Escalation on macOS
    Summary
    A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Prisma Browser Affected: 150.33.2.0 , < 150.33.2.46 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0275",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T03:55:49.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Prisma Browser",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "150.33.2.46",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "150.33.2.46",
                  "status": "affected",
                  "version": "150.33.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:macos:*:*:*:*:*",
                      "versionEndExcluding": "150.33.2.46",
                      "versionStartIncluding": "150.33.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local privilege escalation vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \u003cbr\u003e\u003cbr\u003eThis issue only affects Prisma\u00ae Browser on macOS."
                }
              ],
              "value": "A local privilege escalation vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \n\nThis issue only affects Prisma\u00ae Browser on macOS."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:19:24.198Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0275"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003eUpgrade to 150.33.2.46\u0026nbsp;or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionSuggested SolutionPrisma BrowserUpgrade to 150.33.2.46\u00a0or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Prisma Browser: Local Privilege Escalation on macOS",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0275",
        "datePublished": "2026-07-09T19:19:24.198Z",
        "dateReserved": "2025-11-03T20:44:34.621Z",
        "dateUpdated": "2026-07-10T03:55:49.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0276 (GCVE-0-2026-0276)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:17 – Updated: 2026-07-11 03:55
    VLAI
    Title
    Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
    Summary
    A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - — Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cortex XDR Broker VM Affected: 20.0.96 , < 31.0.58 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0276",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-11T03:55:15.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XDR Broker VM",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "31.0.58",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "31.0.58",
                  "status": "affected",
                  "version": "20.0.96",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eNo special configuration is required to be affected by this issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_broker_vm:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "31.0.58",
                      "versionStartIncluding": "20.0.96",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privilege escalation vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM enables a locally authenticated user to perform actions as the root user."
                }
              ],
              "value": "A privilege escalation vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM enables a locally authenticated user to perform actions as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 1.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 \u2014 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:17:01.145Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0276"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIf automatic upgrades are enabled for Broker VM, then no action is required at this time.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "This issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.\n\n  *  \n\nIf automatic upgrades are enabled for Broker VM, then no action is required at this time.\n\n\n\n\n  *  \n\nIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0276",
        "datePublished": "2026-07-09T19:17:01.145Z",
        "dateReserved": "2025-11-03T20:44:35.481Z",
        "dateUpdated": "2026-07-11T03:55:15.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0277 (GCVE-0-2026-0277)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:14 – Updated: 2026-07-10 14:19
    VLAI
    Title
    Prisma Access Agent: Improper Certificate Validation on iOS
    Summary
    An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T14:19:46.628829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T14:19:54.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "Windows",
                "macOS",
                "Android",
                "ChromeOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:iOS:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "25.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper certificate validation vulnerability in the Prisma\u00ae Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \u003cbr\u003e\u003cbr\u003eThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."
                }
              ],
              "value": "An improper certificate validation vulnerability in the Prisma\u00ae Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \n\nThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:14:50.806Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0277"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent on iOS\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e25.0 through 26.2\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Linux\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Android\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on ChromeOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\n\n                                    Prisma Access Agent on iOS\n\n                                    25.0 through 26.2\n                                    Upgrade to 26.2.1 or later.\n                                Prisma Access Agent on Linux\nNo action needed.Prisma Access Agent on Windows\nNo action needed.Prisma Access Agent on macOS\nNo action needed.Prisma Access Agent on Android\nNo action needed.Prisma Access Agent on ChromeOS\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "Prisma Access Agent: Improper Certificate Validation on iOS",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0277",
        "datePublished": "2026-07-09T19:14:50.806Z",
        "dateReserved": "2025-11-03T20:44:36.317Z",
        "dateUpdated": "2026-07-10T14:19:54.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0278 (GCVE-0-2026-0278)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:12 – Updated: 2026-07-11 03:55
    VLAI
    Title
    Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
    Summary
    Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Date Public
    2026-07-08 16:00
    Credits
    Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-11T03:55:14.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "24.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eMultiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe Prisma Access Agent on macOS is not affected.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\n\n\n\nThe Prisma Access Agent on macOS is not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:C/RE:H/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:12:11.045Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0278"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent   on Windows\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e24.0 through 26.2\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\n\n                                    Prisma Access Agent   on Windows\n\n                                    24.0 through 26.2\n                                    Upgrade to 26.2.1 or later.\n                                Prisma Access Agent on macOS\nNo action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0278",
        "datePublished": "2026-07-09T19:12:11.045Z",
        "dateReserved": "2025-11-03T20:44:37.292Z",
        "dateUpdated": "2026-07-11T03:55:14.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0279 (GCVE-0-2026-0279)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:08 – Updated: 2026-07-09 19:23
    VLAI
    Title
    PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
    Summary
    Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload. The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW is not affected by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 (custom)
    Affected: 10.2.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:23:35.978278Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:23:42.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "affected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\u003cbr\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended\u003c/span\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eCloud NGFW is not affected by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\n\n\nThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW is not affected by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 0.4,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the management interface is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:08:41.656Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0279"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8  or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003e\u0026nbsp;Upgrade to 12.1.8  or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8\u00a0 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*\nUpgrade to 11.1.16\u00a0 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8  or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access 12.112.1.2 through 12.1.7-h*\u00a0Upgrade to 12.1.8  or later.*Prisma Access 11.211.2.0 through 11.2*Upgrade to 12.1.8 or later.*Prisma Access 10.210.2.0 through 10.2*Upgrade to 12.1.8 or later.*\n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T20:30:00.000Z",
              "value": "Updated the Unaffected version for Prisma Access."
            },
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u0026nbsp;Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   *    https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431  Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0279",
        "datePublished": "2026-07-09T19:08:41.656Z",
        "dateReserved": "2025-11-03T20:44:38.280Z",
        "dateUpdated": "2026-07-09T19:23:42.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0280 (GCVE-0-2026-0280)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:05 – Updated: 2026-07-09 19:23
    VLAI
    Title
    PAN-OS: IPv6 Firewall Policy Bypass
    Summary
    An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Panorama Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Curious of TRAPA Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:23:50.545835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:23:56.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Panorama",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\u003cbr\u003e\u003cbr\u003eYou can verify IPv6 is enabled by checking:\u003cbr\u003e\u2003Network -\u0026gt; Interfaces -\u0026gt; [Interface with Layer3 type] -\u0026gt; IPv6 \u0026gt; Enable IPv6 on the interface"
                }
              ],
              "value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\n\nYou can verify IPv6 is enabled by checking:\n\u2003Network -\u003e Interfaces -\u003e [Interface with Layer3 type] -\u003e IPv6 \u003e Enable IPv6 on the interface"
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Curious of TRAPA Security"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\u003cbr\u003e\u003cbr\u003eCloud NGFW and Panorama are not impacted by this vulnerability."
                }
              ],
              "value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\n\nCloud NGFW and Panorama are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:05:24.367Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0280"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access 11.2\n11.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n\n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: IPv6 Firewall Policy Bypass",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\u003c/p\u003e\u2003set deviceconfig setting session tcp-reject-non-syn yes"
                }
              ],
              "value": "The only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\n\n\u2003set deviceconfig setting session tcp-reject-non-syn yes"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0280",
        "datePublished": "2026-07-09T19:05:24.367Z",
        "dateReserved": "2025-11-03T20:44:39.119Z",
        "dateUpdated": "2026-07-09T19:23:56.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0281 (GCVE-0-2026-0281)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:03 – Updated: 2026-07-09 19:24
    VLAI
    Title
    PAN-OS: Information Disclosure Vulnerability in Management Web Interface
    Summary
    An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-524 - Use of Cache Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:10.424243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:24:18.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-141",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-141 Cache Poisoning"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524 Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:03:44.381Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0281"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*Upgrade to 11.1.16 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8 or later.All older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "PAN-OS: Information Disclosure Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0281",
        "datePublished": "2026-07-09T19:03:44.381Z",
        "dateReserved": "2025-11-03T20:44:40.071Z",
        "dateUpdated": "2026-07-09T19:24:18.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0282 (GCVE-0-2026-0282)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:02 – Updated: 2026-07-09 19:24
    VLAI
    Title
    PAN-OS: File Deletion Vulnerability in Management Web Interface
    Summary
    A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:34.179840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:24:40.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting management access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:02:26.722Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0282"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version Range\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.0 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version Range\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.0 through 12.1.7-h*\n                                Upgrade to 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.15-h*\n                                Upgrade to 11.1.16 or later.\n                            PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: File Deletion Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:  *   Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0282",
        "datePublished": "2026-07-09T19:02:26.722Z",
        "dateReserved": "2025-11-03T20:44:41.184Z",
        "dateUpdated": "2026-07-09T19:24:40.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0283 (GCVE-0-2026-0283)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:01 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
    Summary
    An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Vaibhav Nagar (internal reporter) and our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:57.850143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:07.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003c/p\u003eshow config running | match satellite\u003cp\u003eIf output is returned, LSVPN is in use.\u003c/p\u003e\u003cp\u003eYou can also verify in the web interface by navigating to\u0026nbsp;\u003cb\u003eNetwork\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003eGlobalProtect\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003ePortals\u003c/b\u003e, selecting each portal, and checking whether the Satellite tab contains any\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\n\n\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\n\n\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\n\nYou can also verify in the web interface by navigating to\u00a0Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any\u00a0 configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vaibhav Nagar (internal reporter)  and our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:01:34.210Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0283"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h12 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u00a09122-10145 and later).\u00a0\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that  vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7-h1",
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h7",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h10",
            "PAN-OS 11.2.10-h9",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h17",
            "PAN-OS 11.2.7-h16",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h18",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h8",
            "PAN-OS 11.1.13-h7",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h28",
            "PAN-OS 11.1.10-h27",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h34",
            "PAN-OS 11.1.6-h33",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h34",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h7",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h8",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h22",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h37",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h35",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0283",
        "datePublished": "2026-07-09T19:01:34.210Z",
        "dateReserved": "2025-11-03T20:44:41.929Z",
        "dateUpdated": "2026-07-09T19:25:07.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0284 (GCVE-0-2026-0284)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:59 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)
    Summary
    An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h8 (custom)
    Affected: 11.2.0 , < 11.2.4-h20 (custom)
    Affected: 11.1.0 , < 11.1.4-h35 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:21.473868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:27.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h20",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h35",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003cbr\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003ccode\u003eshow config running | match satellite\u003c/code\u003e\u003cbr\u003e\u003cbr\u003eIf output is returned, LSVPN is in use.\u003cbr\u003e\u003cp\u003eYou can also verify in the web interface by navigating to \u003cb\u003eNetwork \u0026gt; GlobalProtect \u0026gt; Portals\u003c/b\u003e, selecting each portal, and checking whether the \u003cb\u003eSatellite\u003c/b\u003e tab contains any \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\nYou can also verify in the web interface by navigating to Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any  configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-250",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-250 XML Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:59:57.586Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0284"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue.\u003cbr\u003e\u003cbr\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u003cbr\u003e\u003cp\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue.\n\nCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u00a09122-10145 and later).\n\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that  vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_faq": [
            {
              "answer": "Limited coverage in Threat Prevention means that while known attack patterns can be identified using the current Threat ID, variations may exist that cannot currently be detected. If this CVE and Required Configuration for Exposure impact your environment, we recommend upgrading to an unaffected version.",
              "question": "Why do Threat Prevention signatures provide limited coverage?"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0284",
        "datePublished": "2026-07-09T18:59:57.586Z",
        "dateReserved": "2025-11-03T20:44:42.748Z",
        "dateUpdated": "2026-07-09T19:25:27.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0285 (GCVE-0-2026-0285)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:58 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
    Summary
    A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .  Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:38.612302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:44.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n\n\n\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\n\n\n\n\n\n\nYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eA server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\n\n\n\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server-Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:58:14.563Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0285"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e\u0026nbsp;e.g., enabling management profile on a DP interface for management access\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u0026nbsp;so the firewall can inspect it.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   *    https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431  Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\n\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba   https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba   *    https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba  Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba \u00a0e.g., enabling management profile on a DP interface for management access\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\n  *   Decrypt inbound traffic to the management interface https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \u00a0so the firewall can inspect it.\n  *  Enable threat prevention on the inbound traffic to management services.\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0285",
        "datePublished": "2026-07-09T18:58:14.563Z",
        "dateReserved": "2025-11-03T20:44:43.620Z",
        "dateUpdated": "2026-07-09T19:25:44.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0286 (GCVE-0-2026-0286)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:56 – Updated: 2026-07-09 19:26
    VLAI
    Title
    PAN-OS: Authenticated Command Injection in CLI
    Summary
    A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Curious of TRAPA Security our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:55.330135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:26:01.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Curious of TRAPA Security"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\u003c/p\u003e\u003cp\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access\u00ae  are not impacted by this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\n\n\nCloud NGFW and Prisma Access\u00ae  are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:56:29.289Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0286"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\n\nNo action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: Authenticated Command Injection in CLI",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e, e.g., enabling management profile on a DP interface for management access.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management\u0026nbsp;interface\u0026nbsp;so the firewall can inspect it.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n\n\n\n\n  *   Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba , e.g., enabling management profile on a DP interface for management access.\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\u00a0\n  *   Decrypt inbound traffic to the management\u00a0interface\u00a0so the firewall can inspect it. https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \n  *  Enable threat prevention on the inbound traffic to management services.\n\n\n\n\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0286",
        "datePublished": "2026-07-09T18:56:29.289Z",
        "dateReserved": "2025-11-03T20:44:44.429Z",
        "dateUpdated": "2026-07-09T19:26:01.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0287 (GCVE-0-2026-0287)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:51 – Updated: 2026-07-09 19:26
    VLAI
    Title
    PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
    Summary
    Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Panorama is not impacted by these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Affected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h8 (custom)
    Affected: 11.2.0 , < 11.2.4-h20 (custom)
    Affected: 11.1.0 , < 11.1.4-h35 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:26:14.381516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:26:20.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "AWS",
                "Azure"
              ],
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h20",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h35",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:AWS:*:*",
                      "versionStartIncluding": "all",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:Azure:*:*",
                      "versionStartIncluding": "all",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\u003cbr\u003e\u003cbr\u003ePanorama is not impacted by these vulnerabilities."
                }
              ],
              "value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\n\nPanorama is not impacted by these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the dataplane interface is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:51:42.539Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0287"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access 11.211.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7-h1",
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h7",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h10",
            "PAN-OS 11.2.10-h9",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h17",
            "PAN-OS 11.2.7-h16",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h18",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h8",
            "PAN-OS 11.1.13-h7",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h28",
            "PAN-OS 11.1.10-h27",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h34",
            "PAN-OS 11.1.6-h33",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h34",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h7",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h8",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h22",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h37",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h35",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0287",
        "datePublished": "2026-07-09T18:51:42.539Z",
        "dateReserved": "2025-11-03T20:44:45.634Z",
        "dateUpdated": "2026-07-09T19:26:20.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0288 (GCVE-0-2026-0288)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:14 – Updated: 2026-07-09 18:48
    VLAI
    Title
    PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
    Summary
    Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. . Panorama is not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Liang Zhu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0288",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T03:55:51.922548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:54:42.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "AWS",
                "Azure"
              ],
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eThis issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents\"\u003e\u003cspan\u003eDevice \u0026gt; User Identification \u0026gt; Terminal Server Agents\u003c/span\u003e\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "This issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\n\nTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\n\n Device \u003e User Identification \u003e Terminal Server Agents https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents"
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Liang Zhu"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMultiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003e best practice deployment guidelines\u003c/a\u003e.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003e\u003cspan\u003ePanorama is not impacted by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you configure the User-ID Terminal Server Agent (TSA) IP and port access from the Internet or any untrusted network."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting User-ID Terminal Server Agent (TSA) IP and port access to only trusted internal IP addresses and preventing its exposure to the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the User-ID Terminal Server Agent (TSA) IP and port is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:48:32.880Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
              "url": "https://security.paloaltonetworks.com/"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.6-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.18-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePrisma Access 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFWNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.10-h*\n                                Upgrade to 11.2.10-h12 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \u00a010.2.0 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n                                \n                                10.2.0 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n\n                            \n                                \n                                10.2.0 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\n                                Prisma Access 11.2\n\n                                11.2.0 through 11.2.7\n                                Upgrade to 11.2.7-h18 or later.*\n                            \n                                Prisma Access 10.2\n\n                                10.2.0 through 10.2.10\n                                Upgrade to 10.2.10-h39 or later.*\n\n                            \n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003ebest practice deployment guidelines\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u00a0 best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0288",
        "datePublished": "2026-07-08T20:14:32.405Z",
        "dateReserved": "2025-11-03T20:44:46.432Z",
        "dateUpdated": "2026-07-09T18:48:32.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12425 (GCVE-0-2026-12425)

    Vulnerability from cvelistv5 – Published: 2026-06-16 18:34 – Updated: 2026-06-17 15:04
    VLAI
    Title
    Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Date Public
    2026-06-16 17:11
    Credits
    Menachem (Momo) Rothbart
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12425",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T15:04:50.510597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T15:04:57.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.powerschool.com/",
              "defaultStatus": "unaffected",
              "product": "Employee Access Center",
              "vendor": "PowerSchool",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Menachem (Momo) Rothbart"
            }
          ],
          "datePublic": "2026-06-16T17:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS).\u0026nbsp;\u003cspan\u003eThis issue affects Employee Access Center: 23.10.\u0026nbsp;\u003c/span\u003e\u003cspan\u003eIt is possible to add in javascript code after the login URL and have it be eval()\u0027d in the page and execute in the context of the user.\u003c/span\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS).\u00a0This issue affects Employee Access Center: 23.10.\u00a0It is possible to add in javascript code after the login URL and have it be eval()\u0027d in the page and execute in the context of the user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T18:37:57.288Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "url": "https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2026/PANW-2026-0002/PANW-2026-0002.md"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-12425",
        "datePublished": "2026-06-16T18:34:28.435Z",
        "dateReserved": "2026-06-16T17:02:05.062Z",
        "dateUpdated": "2026-06-17T15:04:57.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45169 (GCVE-0-2026-45169)

    Vulnerability from cvelistv5 – Published: 2026-06-12 04:32 – Updated: 2026-06-12 14:02
    VLAI
    Title
    Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing
    Summary
    Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    CyberArk Software, a Palo Alto Networks Company PAM SH Vault Affected: 14.0 , < 14.0.8 (custom)
    Affected: 14.2 , < 14.2.7 (custom)
    Affected: 14.6 , < 14.6.5 (custom)
    Affected: 15.0 , < 15.0.3 (custom)
    Create a notification for this product.
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T14:01:28.666641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T14:02:51.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PAM SH Vault",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "14.0.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.0.8",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "14.2.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.2.7",
                  "status": "affected",
                  "version": "14.2",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "14.6.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.6.5",
                  "status": "affected",
                  "version": "14.6",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "15.0.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "15.0.3",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_sh_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.8",
                      "versionStartIncluding": "14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_sh_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.2.7",
                      "versionStartIncluding": "14.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_sh_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.6.5",
                      "versionStartIncluding": "14.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_sh_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.0.3",
                      "versionStartIncluding": "15.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17"
                }
              ],
              "value": "Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T04:32:03.440Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-vault.htm#15.0.3"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-vault.htm#14.6.5"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-7.htm"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-8.htm"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45169",
        "datePublished": "2026-06-12T04:32:03.440Z",
        "dateReserved": "2026-05-08T23:00:57.503Z",
        "dateUpdated": "2026-06-12T14:02:51.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45170 (GCVE-0-2026-45170)

    Vulnerability from cvelistv5 – Published: 2026-06-12 00:05 – Updated: 2026-06-23 19:11
    VLAI
    Title
    Idira Vendor PAM - Self-Hosted Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation
    Summary
    Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://docs.cyberark.com/ vendor-advisory
    Impacted products
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45170",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T13:36:10.801161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T13:36:19.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vendor PAM",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "lessThan": "1.1.100504",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:vendor_pam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.100504",
                      "versionStartIncluding": "1.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17"
                }
              ],
              "value": "Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 - Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T19:11:56.985Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Vendor PAM - Self-Hosted Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45170",
        "datePublished": "2026-06-12T00:05:43.688Z",
        "dateReserved": "2026-05-08T23:00:57.503Z",
        "dateUpdated": "2026-06-23T19:11:56.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45171 (GCVE-0-2026-45171)

    Vulnerability from cvelistv5 – Published: 2026-06-11 21:55 – Updated: 2026-06-13 03:56
    VLAI
    Title
    Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation
    Summary
    Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    CyberArk Software, a Palo Alto Networks Company Privileged Session Manager, Vault Affected: 14.0 , < 14.0.5 (custom)
    Affected: 14.2 , < 14.2.5 (custom)
    Affected: 14.6 , < 14.6.3 (custom)
    Affected: 15.0 , < 15.0.3 (custom)
    Create a notification for this product.
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:56:05.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Session Manager, Vault",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "14.0.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.0.5",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "14.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.2.5",
                  "status": "affected",
                  "version": "14.2",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "14.6.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.6.3",
                  "status": "affected",
                  "version": "14.6",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "15.0.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "15.0.3",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:privileged_session_manager_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.5",
                      "versionStartIncluding": "14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:privileged_session_manager_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.2.5",
                      "versionStartIncluding": "14.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:privileged_session_manager_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.6.3",
                      "versionStartIncluding": "14.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:privileged_session_manager_vault:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.0.3",
                      "versionStartIncluding": "15.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18"
                }
              ],
              "value": "Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T04:23:46.271Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-psm.htm#15.0.3"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-psm.htm#14.6.3"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-5.htm"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-5.htm"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45171",
        "datePublished": "2026-06-11T21:55:27.337Z",
        "dateReserved": "2026-05-08T23:00:57.503Z",
        "dateUpdated": "2026-06-13T03:56:05.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45172 (GCVE-0-2026-45172)

    Vulnerability from cvelistv5 – Published: 2026-06-11 21:41 – Updated: 2026-06-13 03:56
    VLAI
    Title
    Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command
    Summary
    Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command
    Assigner
    Impacted products
    Vendor Product Version
    CyberArk Software, a Palo Alto Networks Company PAM Self-Hosted, Privilege Cloud Affected: 14.0 , < 14.0.6 (custom)
    Affected: 14.2 , < 14.2.5 (custom)
    Affected: 14.6 , < 14.6.3 (custom)
    Affected: 15.0 , < 15.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:56:04.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PAM Self-Hosted, Privilege Cloud",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "14.0.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.0.6",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "14.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.2.5",
                  "status": "affected",
                  "version": "14.2",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "14.6.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.6.3",
                  "status": "affected",
                  "version": "14.6",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "15.0.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "15.0.2",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_self-hosted_privilege_cloud:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.6",
                      "versionStartIncluding": "14.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_self-hosted_privilege_cloud:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.2.5",
                      "versionStartIncluding": "14.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_self-hosted_privilege_cloud:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.6.3",
                      "versionStartIncluding": "14.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_self-hosted_privilege_cloud:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.0.2",
                      "versionStartIncluding": "15.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18"
                }
              ],
              "value": "Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T21:50:40.403Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-psmp.htm#15.0.2"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-psmp.htm#14.6.3"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-5.htm"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-6.htm"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45172",
        "datePublished": "2026-06-11T21:41:28.676Z",
        "dateReserved": "2026-05-08T23:00:57.503Z",
        "dateUpdated": "2026-06-13T03:56:04.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45173 (GCVE-0-2026-45173)

    Vulnerability from cvelistv5 – Published: 2026-06-11 21:33 – Updated: 2026-06-12 13:40
    VLAI
    Title
    Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure
    Summary
    Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    References
    Impacted products
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T13:40:10.517506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T13:40:22.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Firefox",
                "Chrome",
                "Edge"
              ],
              "product": "Identity Browser Extensions",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.8.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.8.1",
                  "status": "affected",
                  "version": "26.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:identity_browser_extensions:*:*:firefox:*:*:*:*:*",
                      "versionEndExcluding": "26.8.1",
                      "versionStartIncluding": "26.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:identity_browser_extensions:*:*:chrome:*:*:*:*:*",
                      "versionEndExcluding": "26.8.1",
                      "versionStartIncluding": "26.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:identity_browser_extensions:*:*:edge:*:*:*:*:*",
                      "versionEndExcluding": "26.8.1",
                      "versionStartIncluding": "26.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21"
                }
              ],
              "value": "Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346: Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T21:33:25.484Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/find-identity-administration-docs/latest/en/content/getstarted/identity-new-doc-location.htm"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45173",
        "datePublished": "2026-06-11T21:33:25.484Z",
        "dateReserved": "2026-05-08T23:00:57.503Z",
        "dateUpdated": "2026-06-12T13:40:22.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45174 (GCVE-0-2026-45174)

    Vulnerability from cvelistv5 – Published: 2026-06-11 21:22 – Updated: 2026-06-13 03:55
    VLAI
    Title
    Idira Endpoint Privilege Manager Linux Agent: Potential bypass of Agent Daemon Initialization
    Summary
    Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    Impacted products
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:55:52.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Idira Endpoint Privilege Manager",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "26.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:linux:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19"
                }
              ],
              "value": "Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404: Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T21:22:13.066Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Endpoint Privilege Manager Linux Agent: Potential bypass of Agent Daemon Initialization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45174",
        "datePublished": "2026-06-11T21:22:13.066Z",
        "dateReserved": "2026-05-08T23:01:00.501Z",
        "dateUpdated": "2026-06-13T03:55:52.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45175 (GCVE-0-2026-45175)

    Vulnerability from cvelistv5 – Published: 2026-06-11 18:57 – Updated: 2026-06-13 03:55
    VLAI
    Title
    Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes
    Summary
    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:55:48.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "macOS",
                "Linux"
              ],
              "product": "Idira Endpoint Privilege Manager",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "26.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:macos:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:linux:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19"
                }
              ],
              "value": "Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T18:57:08.844Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650control"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45175",
        "datePublished": "2026-06-11T18:57:08.844Z",
        "dateReserved": "2026-05-08T23:01:00.501Z",
        "dateUpdated": "2026-06-13T03:55:48.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45176 (GCVE-0-2026-45176)

    Vulnerability from cvelistv5 – Published: 2026-06-11 18:49 – Updated: 2026-06-13 03:55
    VLAI
    Title
    Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation
    Summary
    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - [Discouraged] CWE-269: Improper Privilege Management
    Assigner
    Impacted products
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:55:47.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "macOS",
                "Linux"
              ],
              "product": "Idira Endpoint Privilege Manager",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.5",
                  "status": "affected",
                  "version": "26.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:macos:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:linux:*:*:*:*:*",
                      "versionEndExcluding": "26.5",
                      "versionStartIncluding": "26.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19"
                }
              ],
              "value": "Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "[Discouraged] CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T18:49:00.712Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45176",
        "datePublished": "2026-06-11T18:49:00.712Z",
        "dateReserved": "2026-05-08T23:01:00.502Z",
        "dateUpdated": "2026-06-13T03:55:47.522Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45177 (GCVE-0-2026-45177)

    Vulnerability from cvelistv5 – Published: 2026-06-11 18:40 – Updated: 2026-06-11 19:03
    VLAI
    Title
    Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism
    Summary
    Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T19:03:15.620128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T19:03:36.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Idira Secrets Manager Saas - Edge"
              ],
              "product": "Conjur Cloud (Edge Finding only)",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.8",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:conjur_cloud_edge_finding_only_:*:*:idira_secrets_manager_saas_-_edge:*:*:*:*:*",
                      "versionEndExcluding": "1.8",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20"
                }
              ],
              "value": "Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T18:40:17.324Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/secrets-manager-saas/latest/en/content/conjurcloud/whatsnew.htm#May132026"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45177",
        "datePublished": "2026-06-11T18:40:17.324Z",
        "dateReserved": "2026-05-08T23:01:00.502Z",
        "dateUpdated": "2026-06-11T19:03:36.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45178 (GCVE-0-2026-45178)

    Vulnerability from cvelistv5 – Published: 2026-06-11 18:19 – Updated: 2026-06-11 19:04
    VLAI
    Title
    Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints
    Summary
    Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Date Public
    2026-06-11 17:10
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T19:04:30.637534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T19:04:56.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Idira Secrets Manager"
              ],
              "product": "Conjur Enterprise",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13.8.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13.8.1",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Central Credential Provider (CCP)"
              ],
              "product": "Conjur Enterprise",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "14.2.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.2.6",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "z/OS Credential Provider"
              ],
              "product": "Conjur Enterprise",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "14.2.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.2.6",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Credential Provider (CP)"
              ],
              "product": "Conjur Enterprise",
              "vendor": "CyberArk Software, a Palo Alto Networks Company",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "14.2.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "14.2.6",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:conjur_enterprise:*:*:idira_secrets_manager:*:*:*:*:*",
                      "versionEndExcluding": "13.8.1",
                      "versionStartIncluding": "13.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:conjur_enterprise:*:*:central_credential_provider_ccp_:*:*:*:*:*",
                      "versionEndExcluding": "14.2.6",
                      "versionStartIncluding": "14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:conjur_enterprise:*:*:z_os_credential_provider:*:*:*:*:*",
                      "versionEndExcluding": "14.2.6",
                      "versionStartIncluding": "14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:conjur_enterprise:*:*:credential_provider_cp_:*:*:*:*:*",
                      "versionEndExcluding": "14.2.6",
                      "versionStartIncluding": "14.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-06-11T17:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20"
                }
              ],
              "value": "Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T18:19:08.100Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/secrets-manager-sh/13.9/en/content/enterprise/releasenotes/release-notes-13.8.1.htm?tocpath=Get%20started%7CRelease%20Notes%7C_____3"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.cyberark.com/credential-providers/latest/en/content/landingpages/cp-wn-rn-14.2.6.htm?tocpath=Get%20Started%7CRelease%20notes%7C_____1"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003eConjur Enterprise on Idira Secrets Manager\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e13.0 through 13.8.0\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 13.8.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eConjur Enterprise on Central Credential Provider (CCP)\u003c/td\u003e\u003ctd\u003e14.0 through 14.2.5\u003c/td\u003e\u003ctd\u003eUpgrade to 14.2.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eConjur Enterprise on z/OS Credential Provider\u003c/td\u003e\u003ctd\u003e14.0 through 14.2.5\u003c/td\u003e\u003ctd\u003eUpgrade to 14.2.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eConjur Enterprise on Credential Provider (CP)\u003c/td\u003e\u003ctd\u003e14.0 through 14.2.5\u003c/td\u003e\u003ctd\u003eUpgrade to 14.2.6 or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION                                                  MINOR VERSION         SUGGESTED SOLUTION\nConjur Enterprise on Idira Secrets Manager               13.0 through 13.8.0   Upgrade to 13.8.1 or later.\nConjur Enterprise on Central Credential Provider (CCP)   14.0 through 14.2.5   Upgrade to 14.2.6 or later.\nConjur Enterprise on z/OS Credential Provider            14.0 through 14.2.5   Upgrade to 14.2.6 or later.\nConjur Enterprise on Credential Provider (CP)            14.0 through 14.2.5   Upgrade to 14.2.6 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-11T17:10:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-45178",
        "datePublished": "2026-06-11T18:19:08.100Z",
        "dateReserved": "2026-05-08T23:01:00.502Z",
        "dateUpdated": "2026-06-11T19:04:56.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0274 (GCVE-0-2026-0274)

    Vulnerability from cvelistv5 – Published: 2026-06-10 21:02 – Updated: 2026-06-12 03:55
    VLAI
    Title
    Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
    Summary
    An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2026-06-10 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T03:55:32.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.2.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSOAR CommvaultSecurityIQ Marketplace",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.2.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.0",
                      "versionStartIncluding": "1.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.0",
                      "versionStartIncluding": "1.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
                }
              ],
              "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-475",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-475 Signature Spoofing by Improper Validation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1390",
                  "description": "CWE-1390 Weak Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:02:26.497Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION                                            MINOR VERSION         SUGGESTED SOLUTION\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later.\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial Publication."
            }
          ],
          "title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0274",
        "datePublished": "2026-06-10T21:02:26.497Z",
        "dateReserved": "2025-11-03T20:44:33.634Z",
        "dateUpdated": "2026-06-12T03:55:32.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0273 (GCVE-0-2026-0273)

    Vulnerability from cvelistv5 – Published: 2026-06-10 21:01 – Updated: 2026-06-11 10:17
    VLAI
    Title
    PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
    Summary
    A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h7 (custom)
    Affected: 11.2.0 , < 11.2.4-h18 (custom)
    Affected: 11.1.0 , < 11.1.4-h34 (custom)
    Affected: 10.2.0 , < 10.2.7-h35 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 16:00
    Credits
    Visa Inc. (external reporter), Rotem Bar (internal reporter), and Deep Product Security Research Team (internal reporter)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T03:55:36.838015Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T10:17:28.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h7",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h7",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h34",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h33",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h7",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h27",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h7",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h34",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h37",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h22",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h35",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h7",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h18",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h16",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h9",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.12",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h34",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h33",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h7",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h27",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h7",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.15",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h35",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h37",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h22",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h8",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h7",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Visa Inc. (external reporter), Rotem Bar (internal reporter), and Deep Product Security Research Team (internal reporter)"
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability."
                }
              ],
              "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:01:45.198Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0273"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.6\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7 or later.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e\u003cspan\u003e12.1.2 through 12.1.4-h*\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan\u003eUpgrade to 12.1.4-h7 or 12.1.7 or later.\u003c/span\u003e\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan\u003ePAN-OS 11.2\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e11.2.11 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.12 or later.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h9 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h16 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h18 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan\u003ePAN-OS 11.1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e11.1.14 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.15 or later.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h7 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h27 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h7 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h33 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h34 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.17 or later\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h8 or 10.2.18-h7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h22 or 10.2.18-h7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h37 or 10.2.18-h7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h35 or 10.2.18-h7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION           MINOR VERSION RANGE          SUGGESTED SOLUTION\nCloud NGFW                                     No action needed.\nPAN-OS 12.1       12.1.5 through 12.1.6        Upgrade to 12.1.7 or later.\n\u00a0                 12.1.2 through 12.1.4-h*     Upgrade to 12.1.4-h7 or 12.1.7 or later.\nPAN-OS 11.2       11.2.11 or later             Upgrade to 11.2.12 or later.\n                  11.2.8 through 11.2.10-h*    Upgrade to 11.2.10-h9 or 11.2.12 or later.\n                  11.2.5 through 11.2.7-h*     Upgrade to 11.2.7-h16 or 11.2.12 or later.\n                  11.2.0 through 11.2.4-h*     Upgrade to 11.2.4-h18 or 11.2.12 or later.\nPAN-OS 11.1       11.1.14 or later             Upgrade to 11.1.15 or later.\n                  11.1.11 through 11.1.13-h*   Upgrade to 11.1.13-h7 or 11.1.15 or later.\n\u00a0                 11.1.8 through 11.1.10-h*    Upgrade to 11.1.10-h27 or 11.1.15 or later.\n                  11.1.7 through 11.1.7-h*     Upgrade to 11.1.7-h7 or 11.1.15 or later.\n                  11.1.5 through 11.1.6-h*     Upgrade to 11.1.6-h33 or 11.1.15 or later.\n                  11.1.0 through 11.1.4-h*     Upgrade to 11.1.4-h34 or 11.1.15 or later.\nPAN-OS 10.2       10.2.17 or later             Upgrade to 10.2.18-h7 or later.\n                  10.2.14 through 10.2.16-h*   Upgrade to 10.2.16-h8 or 10.2.18-h7 or later.\n                  10.2.11 through 10.2.13-h*   Upgrade to 10.2.13-h22 or 10.2.18-h7 or later.\n                  10.2.8 through 10.2.10-h*    Upgrade to 10.2.10-h37 or 10.2.18-h7 or later.\n                  10.2.0 through 10.2.7-h*     Upgrade to 10.2.7-h35 or 10.2.18-h7 or later.\nAll other older                                Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access                                  No action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not done so already, we strongly recommend that you secure access to your management interface according to our \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/critical-recommendations-for-deployment-guides-how-to-secure-the/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ePalo Alto Networks LIVEcommunity article\u003c/span\u003e\u003c/a\u003e\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/a\u003e\u003c/b\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003e\u003cspan\u003ePalo Alto Networks official and detailed technical documentation\u003c/span\u003e\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not done so already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/critical-recommendations-for-deployment-guides-how-to-secure-the/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\nPalo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n\nhttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0273",
        "datePublished": "2026-06-10T21:01:45.198Z",
        "dateReserved": "2025-11-03T20:44:32.837Z",
        "dateUpdated": "2026-06-11T10:17:28.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0272 (GCVE-0-2026-0272)

    Vulnerability from cvelistv5 – Published: 2026-06-10 21:01 – Updated: 2026-06-11 10:17
    VLAI
    Title
    PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)
    Summary
    A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h7 (custom)
    Affected: 11.2.0 , < 11.2.4-h18 (custom)
    Affected: 11.1.0 , < 11.1.4-h34 (custom)
    Affected: 10.2.0 , < 10.2.7-h35 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 16:00
    Credits
    Palo Alto Networks thanks an external reporter, Frigo, for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T03:55:35.701340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T10:17:40.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h7",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h7",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.11",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h34",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h33",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h7",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h27",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h7",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h34",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h37",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h22",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h35",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h7",
                      "versionStartIncluding": "12.1.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h18",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h16",
                      "versionStartIncluding": "11.2.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h9",
                      "versionStartIncluding": "11.2.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h34",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h33",
                      "versionStartIncluding": "11.1.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h7",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h27",
                      "versionStartIncluding": "11.1.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h7",
                      "versionStartIncluding": "11.1.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.14",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h35",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h37",
                      "versionStartIncluding": "10.2.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h22",
                      "versionStartIncluding": "10.2.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h8",
                      "versionStartIncluding": "10.2.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h5",
                      "versionStartIncluding": "10.2.17",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks an external reporter, Frigo, for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA privilege escalation vulnerability in Palo Alto Networks PAN-OS\u00ae software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "A privilege escalation vulnerability in Palo Alto Networks PAN-OS\u00ae software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:01:10.714Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0272"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h7 or 12.1.5 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h9 or 11.2.11 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h16 or 11.2.11 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h18 or 11.2.11 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h7 or 11.1.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h27 or 11.1.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h33 or 11.1.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h34 or 11.1.14 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h5 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h8 or 10.2.18-h5 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h22 or 10.2.18-h5 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h37 or 10.2.18-h5 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h35 or 10.2.18-h5 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION           MINOR VERSION RANGE          SUGGESTED SOLUTION\nCloud NGFW                                     No action needed.\nPAN-OS 12.1       12.1.2 through 12.1.4-h*     Upgrade to 12.1.4-h7 or 12.1.5 or later.\nPAN-OS 11.2       11.2.8 through 11.2.10-h*    Upgrade to 11.2.10-h9 or 11.2.11 or later.\n                  11.2.5 through 11.2.7-h*     Upgrade to 11.2.7-h16 or 11.2.11 or later.\n                  11.2.0 through 11.2.4-h*     Upgrade to 11.2.4-h18 or 11.2.11 or later.\nPAN-OS 11.1       11.1.11 through 11.1.13-h*   Upgrade to 11.1.13-h7 or 11.1.14 or later.\n                  11.1.7 through 11.1.10-h*    Upgrade to 11.1.10-h27 or 11.1.14 or later.\n                  11.1.5 through 11.1.6-h*     Upgrade to 11.1.6-h33 or 11.1.14 or later.\n                  11.1.0 through 11.1.4-h*     Upgrade to 11.1.4-h34 or 11.1.14 or later.\nPAN-OS 10.2       10.2.17 through 10.2.18-h*   Upgrade to 10.2.18-h5 or later.\n                  10.2.14 through 10.2.16-h*   Upgrade to 10.2.16-h8 or 10.2.18-h5 or later.\n                  10.2.11 through 10.2.13-h*   Upgrade to 10.2.13-h22 or 10.2.18-h5 or later.\n                  10.2.8 through 10.2.10-h*    Upgrade to 10.2.10-h37 or 10.2.18-h5 or later.\n                  10.2.0 through 10.2.7-h*     Upgrade to 10.2.7-h35 or 10.2.18-h5 or later.\nAll other older                                Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access                                  No action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0272",
        "datePublished": "2026-06-10T21:01:10.714Z",
        "dateReserved": "2025-11-03T20:44:31.995Z",
        "dateUpdated": "2026-06-11T10:17:40.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0271 (GCVE-0-2026-0271)

    Vulnerability from cvelistv5 – Published: 2026-06-10 20:59 – Updated: 2026-06-11 13:48
    VLAI
    Title
    Prisma Access Agent: Local Privilege Escalation by Authorized Users
    Summary
    A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Date Public
    2026-06-10 16:00
    Credits
    Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T13:48:10.520535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T13:48:17.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS",
                "Windows",
                "iOS",
                "Android",
                "Chrome OS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:Linux:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "26.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\u003c/p\u003e\u003cp\u003eThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.\u003c/p\u003e"
                }
              ],
              "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T20:59:51.879Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0271"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent on Linux\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e25.7 through 26.2.0\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent All on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent All on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent All on iOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent All on Android\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent All on Chrome OS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION                                MINOR VERSION         SUGGESTED SOLUTION\nPrisma Access Agent on Linux           25.7 through 26.2.0   Upgrade to 26.2.1 or later.\nPrisma Access Agent All on macOS                             No action needed.\nPrisma Access Agent All on Windows                           No action needed.\nPrisma Access Agent All on iOS                               No action needed.\nPrisma Access Agent All on Android                           No action needed.\nPrisma Access Agent All on Chrome OS                         No action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Prisma Access Agent: Local Privilege Escalation by Authorized Users",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Prisma Access Agent   26.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0271",
        "datePublished": "2026-06-10T20:59:51.879Z",
        "dateReserved": "2025-11-03T20:44:31.121Z",
        "dateUpdated": "2026-06-11T13:48:17.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0270 (GCVE-0-2026-0270)

    Vulnerability from cvelistv5 – Published: 2026-06-10 20:59 – Updated: 2026-06-12 03:55
    VLAI
    Title
    Cortex XSOAR: Path Traversal Vulnerability
    Summary
    A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cortex XSOAR Affected: 8.13 , < 8.13.0.11 (custom)
    Create a notification for this product.
    Palo Alto Networks Cortex XSOAR Affected: 8.12.0 (custom)
    Affected: 8.11.0 (custom)
    Affected: 8.10.0 (custom)
    Unaffected: 6.14.0 (custom)
    Unaffected: 6.13.0 (custom)
    Unaffected: 6.12.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 16:00
    Credits
    Palo Alto Networks thanks the internal security team for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T03:55:34.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Cortex XSOAR",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "8.13.0.11",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.13.0.11",
                  "status": "affected",
                  "version": "8.13",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSOAR",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.14.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.13.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required."
                }
              ],
              "value": "No special configuration is required."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:Linux:*:*",
                      "versionEndExcluding": "8.13.0.11",
                      "versionStartIncluding": "8.13.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "8.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "8.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "8.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks the internal security team for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003eA path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux  allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux  allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T20:59:00.350Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0270"
            },
            {
              "name": "CVE-2007-4559: Python tarfile module path traversal",
              "tags": [
                "related",
                "third-party-advisory"
              ],
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003eCortex XSOAR 8.13 on Linux\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e8.13.0\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 8.13.0.11 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION                      MINOR VERSION   SUGGESTED SOLUTION\nCortex XSOAR 8.13 on Linux   8.13.0          Upgrade to 8.13.0.11 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "eng",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "Cortex XSOAR: Path Traversal Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "x_affectedList": [
            "Cortex XSOAR 8.13.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0270",
        "datePublished": "2026-06-10T20:59:00.350Z",
        "dateReserved": "2025-11-03T20:44:30.311Z",
        "dateUpdated": "2026-06-12T03:55:34.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }