Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0596
Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que des correctifs seront publiés le 28 mai 2026.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 12.1.4 antérieures à 12.1.4-h5 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.14 pour Android et ChromeOS | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access versions 10.2.x antérieures à 10.2.10-h36 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.12 | ||
| Palo Alto Networks | N/A | Prisma SD-WAN ION versions 6.3.x antérieures à 6.3.6-b10 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.1.13 antérieures à 11.1.13-h5 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.11 pour Linux | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.2.10 antérieures à 11.2.10-h6 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x antérieures à 6.1.13 pour Android et ChomeOS | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.7 antérieures à 11.2.7-h14 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Agent versions 25.x et 26.x antérieures à 26.2.1 pour Android et ChromeOS | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 10.2.7 antérieures à 10.2.7-h34 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.4 antérieures à 11.2.4-h17 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.1.6 antérieures à 11.1.6-h32 | ||
| Palo Alto Networks | N/A | Prisma SD-WAN ION versions 6.5.x antérieures à 6.5.3-b15 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 10.2.13 antérieures à 10.2.13-h21 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.15 | ||
| Palo Alto Networks | N/A | Prisma SD-WAN ION versions 6.4.x antérieures à 6.4.3-b8 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.7 antérieures à 10.2.7-h34 | ||
| Palo Alto Networks | N/A | Chronosphere Chronocollector versions antérieures à v0.116.0 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 12.1.7 | ||
| Palo Alto Networks | N/A | Broker VM versions 30.0.x antérieures à 30.0.24 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.1.7 antérieures à 11.1.7-h6 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.1.10 antérieures à 11.1.10-h25 | ||
| Palo Alto Networks | N/A | Trust Protection Foundation versions 24.1.x antérieures à 24.1.13 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.10 antérieures à 11.1.10-h25 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.2.12 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.10 antérieures à 11.2.10-h7 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.13 pour macOS et Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.16 antérieures à 10.2.16-h7 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.7 antérieures à 11.1.7-h6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 12.1.4 antérieures à 12.1.4-h5 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Browser versions antérieures à 148.6.3.96 | ||
| Palo Alto Networks | N/A | Trust Protection Foundation versions 24.3.x antérieures à 24.3.6 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.1.4 antérieures à 11.1.4-h33 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.4 antérieures à 11.1.4-h33 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 10.2.10 antérieures à 10.2.10-h36 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 10.2.18 antérieures à 10.2.18-h6 | ||
| Palo Alto Networks | N/A | Trust Protection Foundation versions 25.3.x antérieures à 25.3.3 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 12.1.4 antérieures à 12.1.4-h6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.10 antérieures à 11.2.10-h6 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Agent (Endpoint DLP) versions 25.x à 26.x antérieures à 26.2.1 pour Windows et macOS | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.18 antérieures à 10.2.18-h6 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access versions 11.2.x antérieures à 11.2.7-h13 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 10.2.16 antérieures à 10.2.16-h7 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x antérieures à 6.3.3-h2 pour Linux | ||
| Palo Alto Networks | N/A | GlobalProtect UWP App versions 6.3 antérieures à 6.3.3-h10 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.1.15 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x antérieures à 6.3.3-h10 pour Windows et macOS | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.2.7 antérieures à 11.2.7-h13 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.8-h10 (6.2.8-948) | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 11.2.4 antérieures à 11.2.4-h17 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.6 antérieures à 11.1.6-h32 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.13 antérieures à 11.1.13-h5 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.10 antérieures à 10.2.10-h36 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.7 antérieures à 11.2.7-h13 | ||
| Palo Alto Networks | N/A | WildFire WF-500 et WF-500-B versions 12.1.7 | ||
| Palo Alto Networks | N/A | Trust Protection Foundation versions 25.1.x antérieures à 25.1.8 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.13 antérieures à 10.2.13-h21 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WildFire WF-500 et WF-500-B versions 12.1.4 ant\u00e9rieures \u00e0 12.1.4-h5",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.14 pour Android et ChromeOS",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 10.2.x ant\u00e9rieures \u00e0 10.2.10-h36",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.12",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN ION versions 6.3.x ant\u00e9rieures \u00e0 6.3.6-b10",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.1.13 ant\u00e9rieures \u00e0 11.1.13-h5",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.11 pour Linux",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.2.10 ant\u00e9rieures \u00e0 11.2.10-h6",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.13 pour Android et ChomeOS",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.7 ant\u00e9rieures \u00e0 11.2.7-h14",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Agent versions 25.x et 26.x ant\u00e9rieures \u00e0 26.2.1 pour Android et ChromeOS",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 10.2.7 ant\u00e9rieures \u00e0 10.2.7-h34",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.4 ant\u00e9rieures \u00e0 11.2.4-h17",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.1.6 ant\u00e9rieures \u00e0 11.1.6-h32",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN ION versions 6.5.x ant\u00e9rieures \u00e0 6.5.3-b15",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 10.2.13 ant\u00e9rieures \u00e0 10.2.13-h21",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.15",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN ION versions 6.4.x ant\u00e9rieures \u00e0 6.4.3-b8",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.7 ant\u00e9rieures \u00e0 10.2.7-h34",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Chronosphere Chronocollector versions ant\u00e9rieures \u00e0 v0.116.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 12.1.7",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Broker VM versions 30.0.x ant\u00e9rieures \u00e0 30.0.24",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.1.7 ant\u00e9rieures \u00e0 11.1.7-h6",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.1.10 ant\u00e9rieures \u00e0 11.1.10-h25",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Trust Protection Foundation versions 24.1.x ant\u00e9rieures \u00e0 24.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.10 ant\u00e9rieures \u00e0 11.1.10-h25",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.2.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.10 ant\u00e9rieures \u00e0 11.2.10-h7",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.13 pour macOS et Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.16 ant\u00e9rieures \u00e0 10.2.16-h7",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.7 ant\u00e9rieures \u00e0 11.1.7-h6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 12.1.4 ant\u00e9rieures \u00e0 12.1.4-h5",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Browser versions ant\u00e9rieures \u00e0 148.6.3.96",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Trust Protection Foundation versions 24.3.x ant\u00e9rieures \u00e0 24.3.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.1.4 ant\u00e9rieures \u00e0 11.1.4-h33",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.4 ant\u00e9rieures \u00e0 11.1.4-h33",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 10.2.10 ant\u00e9rieures \u00e0 10.2.10-h36",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 10.2.18 ant\u00e9rieures \u00e0 10.2.18-h6",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Trust Protection Foundation versions 25.3.x ant\u00e9rieures \u00e0 25.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 12.1.4 ant\u00e9rieures \u00e0 12.1.4-h6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.10 ant\u00e9rieures \u00e0 11.2.10-h6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Agent (Endpoint DLP) versions 25.x \u00e0 26.x ant\u00e9rieures \u00e0 26.2.1 pour Windows et macOS",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.18 ant\u00e9rieures \u00e0 10.2.18-h6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.7-h13",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 10.2.16 ant\u00e9rieures \u00e0 10.2.16-h7",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h2 pour Linux",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect UWP App versions 6.3 ant\u00e9rieures \u00e0 6.3.3-h10",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.1.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h10 pour Windows et macOS",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.2.7 ant\u00e9rieures \u00e0 11.2.7-h13",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8-h10 (6.2.8-948)",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 11.2.4 ant\u00e9rieures \u00e0 11.2.4-h17",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.6 ant\u00e9rieures \u00e0 11.1.6-h32",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.13 ant\u00e9rieures \u00e0 11.1.13-h5",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.10 ant\u00e9rieures \u00e0 10.2.10-h36",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.7 ant\u00e9rieures \u00e0 11.2.7-h13",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "WildFire WF-500 et WF-500-B versions 12.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Trust Protection Foundation versions 25.1.x ant\u00e9rieures \u00e0 25.1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.13 ant\u00e9rieures \u00e0 10.2.13-h21",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que des correctifs seront publi\u00e9s le 28 mai 2026.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-4678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4678"
},
{
"name": "CVE-2026-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4448"
},
{
"name": "CVE-2026-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5914"
},
{
"name": "CVE-2026-5289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5289"
},
{
"name": "CVE-2026-4460",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4460"
},
{
"name": "CVE-2026-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5886"
},
{
"name": "CVE-2026-4445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4445"
},
{
"name": "CVE-2026-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5278"
},
{
"name": "CVE-2026-4444",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4444"
},
{
"name": "CVE-2026-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4673"
},
{
"name": "CVE-2026-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0264"
},
{
"name": "CVE-2026-0241",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0241"
},
{
"name": "CVE-2026-0251",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0251"
},
{
"name": "CVE-2026-4456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4456"
},
{
"name": "CVE-2026-5272",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5272"
},
{
"name": "CVE-2026-7359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7359"
},
{
"name": "CVE-2026-4464",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4464"
},
{
"name": "CVE-2026-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8022"
},
{
"name": "CVE-2026-7361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7361"
},
{
"name": "CVE-2026-5291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5291"
},
{
"name": "CVE-2026-4457",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4457"
},
{
"name": "CVE-2026-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4461"
},
{
"name": "CVE-2026-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5876"
},
{
"name": "CVE-2026-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6921"
},
{
"name": "CVE-2026-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4447"
},
{
"name": "CVE-2026-5284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5284"
},
{
"name": "CVE-2026-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5881"
},
{
"name": "CVE-2026-5282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5282"
},
{
"name": "CVE-2026-0249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0249"
},
{
"name": "CVE-2026-4442",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4442"
},
{
"name": "CVE-2026-0263",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0263"
},
{
"name": "CVE-2026-5283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5283"
},
{
"name": "CVE-2026-4676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4676"
},
{
"name": "CVE-2026-0265",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0265"
},
{
"name": "CVE-2026-4675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4675"
},
{
"name": "CVE-2026-0244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0244"
},
{
"name": "CVE-2026-0258",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0258"
},
{
"name": "CVE-2026-4446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4446"
},
{
"name": "CVE-2026-4679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4679"
},
{
"name": "CVE-2026-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4674"
},
{
"name": "CVE-2026-0256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0256"
},
{
"name": "CVE-2026-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0261"
},
{
"name": "CVE-2026-5274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5274"
},
{
"name": "CVE-2026-4463",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4463"
},
{
"name": "CVE-2026-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5909"
},
{
"name": "CVE-2026-0243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0243"
},
{
"name": "CVE-2026-0242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0242"
},
{
"name": "CVE-2026-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4441"
},
{
"name": "CVE-2026-0239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0239"
},
{
"name": "CVE-2026-7981",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7981"
},
{
"name": "CVE-2026-5276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5276"
},
{
"name": "CVE-2026-6305",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6305"
},
{
"name": "CVE-2026-0250",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0250"
},
{
"name": "CVE-2026-4439",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4439"
},
{
"name": "CVE-2026-5893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5893"
},
{
"name": "CVE-2026-5285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5285"
},
{
"name": "CVE-2026-4452",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4452"
},
{
"name": "CVE-2026-4462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4462"
},
{
"name": "CVE-2026-4680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4680"
},
{
"name": "CVE-2026-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0237"
},
{
"name": "CVE-2026-4677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4677"
},
{
"name": "CVE-2026-5919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5919"
},
{
"name": "CVE-2026-6361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6361"
},
{
"name": "CVE-2026-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0238"
},
{
"name": "CVE-2026-8018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8018"
},
{
"name": "CVE-2026-7363",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7363"
},
{
"name": "CVE-2026-5273",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5273"
},
{
"name": "CVE-2026-4458",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4458"
},
{
"name": "CVE-2026-4459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4459"
},
{
"name": "CVE-2026-0246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0246"
},
{
"name": "CVE-2026-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4450"
},
{
"name": "CVE-2026-5275",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5275"
},
{
"name": "CVE-2026-4455",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4455"
},
{
"name": "CVE-2026-0262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0262"
},
{
"name": "CVE-2026-5280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5280"
},
{
"name": "CVE-2026-5286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5286"
},
{
"name": "CVE-2026-0257",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0257"
},
{
"name": "CVE-2026-5884",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5884"
},
{
"name": "CVE-2026-5287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5287"
},
{
"name": "CVE-2026-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4449"
},
{
"name": "CVE-2026-5277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5277"
},
{
"name": "CVE-2026-7343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7343"
},
{
"name": "CVE-2026-5292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5292"
},
{
"name": "CVE-2026-5290",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5290"
},
{
"name": "CVE-2026-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0245"
},
{
"name": "CVE-2026-0248",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0248"
},
{
"name": "CVE-2026-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0235"
},
{
"name": "CVE-2026-4451",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4451"
},
{
"name": "CVE-2026-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4440"
},
{
"name": "CVE-2026-0247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0247"
},
{
"name": "CVE-2026-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0236"
},
{
"name": "CVE-2026-5281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5281"
},
{
"name": "CVE-2026-0240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0240"
},
{
"name": "CVE-2026-4443",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4443"
},
{
"name": "CVE-2026-5288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5288"
},
{
"name": "CVE-2026-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0259"
},
{
"name": "CVE-2026-5279",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5279"
},
{
"name": "CVE-2026-4453",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4453"
},
{
"name": "CVE-2026-4454",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4454"
}
],
"initial_release_date": "2026-05-15T00:00:00",
"last_revision_date": "2026-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0596",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0242",
"url": "https://security.paloaltonetworks.com/CVE-2026-0242"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0251",
"url": "https://security.paloaltonetworks.com/CVE-2026-0251"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0238",
"url": "https://security.paloaltonetworks.com/CVE-2026-0238"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0263",
"url": "https://security.paloaltonetworks.com/CVE-2026-0263"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0259",
"url": "https://security.paloaltonetworks.com/CVE-2026-0259"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0257",
"url": "https://security.paloaltonetworks.com/CVE-2026-0257"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0262",
"url": "https://security.paloaltonetworks.com/CVE-2026-0262"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0243",
"url": "https://security.paloaltonetworks.com/CVE-2026-0243"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0247",
"url": "https://security.paloaltonetworks.com/CVE-2026-0247"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0261",
"url": "https://security.paloaltonetworks.com/CVE-2026-0261"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0240",
"url": "https://security.paloaltonetworks.com/CVE-2026-0240"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0239",
"url": "https://security.paloaltonetworks.com/CVE-2026-0239"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0248",
"url": "https://security.paloaltonetworks.com/CVE-2026-0248"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0246",
"url": "https://security.paloaltonetworks.com/CVE-2026-0246"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2026-0007",
"url": "https://security.paloaltonetworks.com/PAN-SA-2026-0007"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0265",
"url": "https://security.paloaltonetworks.com/CVE-2026-0265"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0250",
"url": "https://security.paloaltonetworks.com/CVE-2026-0250"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0264",
"url": "https://security.paloaltonetworks.com/CVE-2026-0264"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0256",
"url": "https://security.paloaltonetworks.com/CVE-2026-0256"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0241",
"url": "https://security.paloaltonetworks.com/CVE-2026-0241"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0245",
"url": "https://security.paloaltonetworks.com/CVE-2026-0245"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0258",
"url": "https://security.paloaltonetworks.com/CVE-2026-0258"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0249",
"url": "https://security.paloaltonetworks.com/CVE-2026-0249"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0244",
"url": "https://security.paloaltonetworks.com/CVE-2026-0244"
}
]
}
CVE-2026-0259 (GCVE-0-2026-0259)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:05 – Updated: 2026-05-13 18:57
VLAI
EPSS
Title
WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)
Summary
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.
The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing.
Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0259 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | WildFire WF-500 and WF-500-B |
Affected:
12.1.0 , < 12.1.7, 12.1.4-h5
(custom)
Affected: 11.2.0 , < 11.2.11,11.2.7-h7 (custom) Affected: 11.1.0 , < 11.1.13,11.1.10-h8 (custom) Affected: 10.2.0 , < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 (custom) |
Date Public
2026-05-13 16:00
Credits
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:56:39.294156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:57:18.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WildFire WF-500 and WF-500-B",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.7",
"status": "unaffected"
},
{
"at": "12.1.4-h5",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.12",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.4-h17",
"status": "unaffected"
}
],
"lessThan": "11.2.11,11.2.7-h7",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.15",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.4-h33",
"status": "unaffected"
}
],
"lessThan": "11.1.13,11.1.10-h8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h6",
"status": "unaffected"
},
{
"at": "10.2.16-h7",
"status": "unaffected"
},
{
"at": "10.2.13-h21",
"status": "unaffected"
},
{
"at": "10.2.10-h36",
"status": "unaffected"
},
{
"at": "10.2.7-h34",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:wildfire_wf-500_and_wf-500-b:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7_12.1.4-h5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:wildfire_wf-500_and_wf-500-b:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.11_11.2.7-h7",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:wildfire_wf-500_and_wf-500-b:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13_11.1.10-h8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:wildfire_wf-500_and_wf-500-b:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire\u00ae WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.\u003c/p\u003e\u003cp\u003eThe WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing.\u003c/p\u003e\u003cp\u003ePlease note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire\u00ae WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.\n\n\n\nThe WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing.\n\n\n\nPlease note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:05:45.862Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0259"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eWildFire WF-500 and WF-500-B 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.6\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h5 or 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eWildFire WF-500 and WF-500-B 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h6 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h13 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h17 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eWildFire WF-500 and WF-500-B 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h5 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h25 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h6 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h32 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h33 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eWildFire WF-500 and WF-500-B 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h7 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h21 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h36 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h34 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eWildFire WF-500 and WF-500-B 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;All (EoL)\u003c/td\u003e\u003ctd\u003eNo fix planned. Upgrade to a supported version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nWildFire WF-500 and WF-500-B 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nWildFire WF-500 and WF-500-B 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nWildFire WF-500 and WF-500-B 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nWildFire WF-500 and WF-500-B 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nWildFire WF-500 and WF-500-B 10.1 All (EoL) No fix planned. Upgrade to a supported version."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor airgapped deployments, we strongly recommend that you secure WildFire 500 appliances by restricting access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510010 (Applications and Threats content version 9100-10044 and later). \u003cbr\u003e\u003c/p\u003e\u003cb\u003e\u003c/b\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e"
}
],
"value": "For airgapped deployments, we strongly recommend that you secure WildFire 500 appliances by restricting access to only trusted internal IP addresses.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510010 (Applications and Threats content version 9100-10044 and later).\n\n\nPlease note that this Threat ID requires SSL Decryption."
}
],
"x_affectedList": [
"WildFire WF-500 and WF-500-B 12.1.0",
"WildFire WF-500 and WF-500-B 12.1.1",
"WildFire WF-500 and WF-500-B 12.1.2",
"WildFire WF-500 and WF-500-B 12.1.3",
"WildFire WF-500 and WF-500-B 11.2.0",
"WildFire WF-500 and WF-500-B 11.2.1",
"WildFire WF-500 and WF-500-B 11.2.2",
"WildFire WF-500 and WF-500-B 11.2.3",
"WildFire WF-500 and WF-500-B 11.1.0",
"WildFire WF-500 and WF-500-B 11.1.1",
"WildFire WF-500 and WF-500-B 11.1.2",
"WildFire WF-500 and WF-500-B 11.1.3",
"WildFire WF-500 and WF-500-B 10.2.0",
"WildFire WF-500 and WF-500-B 10.2.1",
"WildFire WF-500 and WF-500-B 10.2.2",
"WildFire WF-500 and WF-500-B 10.2.3",
"WildFire WF-500 and WF-500-B 10.2.4",
"WildFire WF-500 and WF-500-B 10.2.5",
"WildFire WF-500 and WF-500-B 10.2.6"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0259",
"datePublished": "2026-05-13T18:05:45.862Z",
"dateReserved": "2025-11-03T20:44:19.922Z",
"dateUpdated": "2026-05-13T18:57:18.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0261 (GCVE-0-2026-0261)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:59 – Updated: 2026-06-09 09:02
VLAI
EPSS
Title
PAN-OS: Authenticated Admin Command Injection Vulnerability
Summary
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by these vulnerabilities.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0261 | vendor-advisory |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.7, 12.1.4-h5
(custom)
Affected: 11.2.0 , < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 (custom) Affected: 11.1.0 , < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 (custom) Affected: 10.2.0 , < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
Date Public
2026-05-13 16:00
Credits
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:56:33.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:45.434Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.7",
"status": "unaffected"
},
{
"at": "12.1.4-h5",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.12",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.4-h17",
"status": "unaffected"
}
],
"lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.15",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.4-h33",
"status": "unaffected"
}
],
"lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h6",
"status": "unaffected"
},
{
"at": "10.2.16-h7",
"status": "unaffected"
},
{
"at": "10.2.13-h21",
"status": "unaffected"
},
{
"at": "10.2.10-h36",
"status": "unaffected"
},
{
"at": "10.2.7-h34",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7_12.1.4-h5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple command injection vulnerabilities in Palo Alto Networks PAN-OS\u00ae software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access\u00ae are not impacted by these vulnerabilities.\u003c/p\u003e"
}
],
"value": "Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS\u00ae software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\n\n\nCloud NGFW and Prisma Access\u00ae are not impacted by these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of these issues.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:59:31.408Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0261"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.6\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h5 or 12.1.7 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.11 or later\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.12 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h6 or 11.2.12 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h13 or 11.2.12 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h17 or 11.2.12 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.14 or later\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.15 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h5 or 11.1.15 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h25 or 11.1.15 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h6 or 11.1.15 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h32 or 11.1.15 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h33 or 11.1.15 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h6 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.16-h7 or 10.2.18-h6 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h21 or 10.2.18-h6 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h36 or 10.2.18-h6 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h34 or 10.2.18-h6 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed.\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nAll older Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access No action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "PAN-OS: Authenticated Admin Command Injection Vulnerability",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and detailed technical documentation:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 510017, 510018 and 510024 and can detect attacks for this vulnerability by enabling Threat IDs 510021, 510025 and 510026 (from Applications and Threats content version 9100-10044 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e, e.g., enabling management profile on a DP interface for management access.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003e so the firewall can inspect it\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 510017, 510018 and 510024 and can detect attacks for this vulnerability by enabling Threat IDs 510021, 510025 and 510026 (from Applications and Threats content version 9100-10044 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n\n\n * Route incoming traffic for the MGT port through a DP port (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba), e.g., enabling management profile on a DP interface for management access.\n * Replace the Certificate for Inbound Traffic Management (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c).\n * Decrypt inbound traffic to the management interface (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2) so the firewall can inspect it (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2).\n * Enable threat prevention on the inbound traffic to management services."
}
],
"x_affectedList": [
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0261",
"datePublished": "2026-05-13T17:59:31.408Z",
"dateReserved": "2025-11-03T20:44:22.040Z",
"dateUpdated": "2026-06-09T09:02:45.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0262 (GCVE-0-2026-0262)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:49 – Updated: 2026-06-09 09:02
VLAI
EPSS
Title
PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing
Summary
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic.
Panorama and Cloud NGFW are not impacted by these vulnerabilities.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0262 | vendor-advisory |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.7, 12.1.4-h5
(custom)
Affected: 11.2.0 , < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 (custom) Affected: 11.1.0 , < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 (custom) Affected: 10.2.0 , < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Affected:
10.2.0 , < 10.2.10-h36
(custom)
Affected: 11.2.0 , < 11.2.7-h13 (custom) |
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
Date Public
2026-05-13 16:00
Credits
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:48:50.434924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:49:05.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:46.762Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Azure/AWS"
],
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.7",
"status": "unaffected"
},
{
"at": "12.1.4-h5",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.12",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.4-h17",
"status": "unaffected"
}
],
"lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.15",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.4-h33",
"status": "unaffected"
}
],
"lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h6",
"status": "unaffected"
},
{
"at": "10.2.16-h7",
"status": "unaffected"
},
{
"at": "10.2.13-h21",
"status": "unaffected"
},
{
"at": "10.2.10-h36",
"status": "unaffected"
},
{
"at": "10.2.7-h34",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "10.2.10-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.10-h36",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.7-h13",
"status": "unaffected"
}
],
"lessThan": "11.2.7-h13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:azure_aws:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7_12.1.4-h5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h36",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. \u003cbr\u003e\u003cbr\u003ePanorama and Cloud NGFW are not impacted by these vulnerabilities.\u003c/p\u003e"
}
],
"value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. \n\nPanorama and Cloud NGFW are not impacted by these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of these issues.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:49:43.620Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0262"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e Cloud NGFW\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.6\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h5 or 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h6 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h13 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h17 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h5 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h25 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e11.1.7 through 11.1.7-h*\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h6 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h32 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h33 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h7 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h21 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h36 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h34 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e\u003cspan\u003e10.2.0 through 10.2.10-h*\u003c/span\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan\u003eUpgrade to 10.2.10-h36 or later.\u003c/span\u003e \u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7-h*\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u0026nbsp;Upgrade to 11.2.7-h13 or later.\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e All older unsupported PAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e Upgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nPrisma Access 10.2 10.2.0 through 10.2.10-h* Upgrade to 10.2.10-h36 or later.\nPrisma Access 11.2 11.2.0 through 11.2.7-h* Upgrade to 11.2.7-h13 or later.\nAll older unsupported PAN-OS versions Upgrade to a supported fixed version."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 510011, 510015, 510022 (HTTP traffic only), and 510023 (from Applications and Threats content version 9100-10044 and later).\u003c/p\u003e\u003cp\u003ePlease note that all of the above Threat IDs require SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 510011, 510015, 510022 (HTTP traffic only), and 510023 (from Applications and Threats content version 9100-10044 and later).\n\nPlease note that all of the above Threat IDs require SSL Decryption."
}
],
"x_affectedList": [
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0262",
"datePublished": "2026-05-13T17:49:43.620Z",
"dateReserved": "2025-11-03T20:44:22.910Z",
"dateUpdated": "2026-06-09T09:02:46.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0263 (GCVE-0-2026-0263)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:47 – Updated: 2026-05-14 03:56
VLAI
EPSS
Title
PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing
Summary
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0263 | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.7, 12.1.4-h5
(custom)
Affected: 11.2.0 , < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 (custom) Affected: 11.1.0 , < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 (custom) Unaffected: 10.2.0 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
Date Public
2026-05-13 16:00
Credits
our internal security research teams
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:56:32.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.7",
"status": "unaffected"
},
{
"at": "12.1.4-h5",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.12",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.4-h17",
"status": "unaffected"
}
],
"lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.15",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.4-h33",
"status": "unaffected"
}
],
"lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003eThis issue requires IKEv2 VPN tunnels that is configured with Post Quantum Cryptography (PQC).\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This issue requires IKEv2 VPN tunnels that is configured with Post Quantum Cryptography (PQC)."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7_12.1.4-h5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "our internal security research teams"
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.\u003cbr\u003e\u003c/p\u003ePanorama, Cloud NGFW, and Prisma\u003cspan\u003e\u00ae\u003c/span\u003e Access are not impacted by these vulnerabilities."
}
],
"value": "A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:47:05.198Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0263"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e Cloud NGFW\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.6\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h5 or 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h6 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h13 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h17 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h5 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h25 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h6 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h32 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h33 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e All older unsupported PAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e Upgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed.\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 No action needed.\nPrisma Access No action needed. \nAll older unsupported PAN-OS versions Upgrade to a supported fixed version."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers using IKEv2 VPN can mitigate this issue by configuring IKEv2 VPN tunnels only with NIST approved Post Quantum Cryptography (PQC) ciphers.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Customers using IKEv2 VPN can mitigate this issue by configuring IKEv2 VPN tunnels only with NIST approved Post Quantum Cryptography (PQC) ciphers."
}
],
"x_affectedList": [
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0263",
"datePublished": "2026-05-13T17:47:05.198Z",
"dateReserved": "2025-11-03T20:44:23.944Z",
"dateUpdated": "2026-05-14T03:56:32.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0264 (GCVE-0-2026-0264)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:40 – Updated: 2026-06-09 09:02
VLAI
EPSS
Title
PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution
Summary
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0264 | vendor-advisory |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.7, 12.1.4-h5
(custom)
Affected: 11.2.0 , < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 (custom) Affected: 11.1.0 , < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 (custom) Affected: 10.2.0 , < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
Date Public
2026-05-13 16:00
Credits
Palo Alto Networks thanks an external reporter and our internal security research teams for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:56:31.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:48.165Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"AWS",
"Azure"
],
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.4-h5",
"status": "unaffected"
},
{
"at": "12.1.7",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.4-h17",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.12",
"status": "unaffected"
}
],
"lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.4-h33",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.15",
"status": "unaffected"
}
],
"lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.7-h34",
"status": "unaffected"
},
{
"at": "10.2.10-h36",
"status": "unaffected"
},
{
"at": "10.2.13-h21",
"status": "unaffected"
},
{
"at": "10.2.16-h7",
"status": "unaffected"
},
{
"at": "10.2.18-h6",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is applicable only to PAN-OS firewalls if either of the following conditions are true:\u003c/p\u003e\u003col\u003e\u003cli\u003eDNS Proxy is enabled (\u003cb\u003eNetwork \u0026gt; DNS Proxy\u003c/b\u003e)\u0026nbsp;\u003cb\u003eAND \u003c/b\u003ea network interface is attached to DNS Proxy.\u0026nbsp;\u003cbr\u003e\u003cb\u003eOR\u003c/b\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eThe DNS server (\u003cb\u003eDevice\u003c/b\u003e\u0026nbsp;\u0026gt;\u003cb\u003e Setup \u003c/b\u003e\u0026gt; \u003cb\u003eServices\u003c/b\u003e) configured on NGFW is a compromised public untrusted IP address.\u003cbr\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe risk is higher if the interface is externally exposed to an untrusted network.\u0026nbsp;Further documentation on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK\"\u003econfiguring DNS Proxy can be found here\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "This issue is applicable only to PAN-OS firewalls if either of the following conditions are true:\n\n 1. DNS Proxy is enabled (Network \u003e DNS Proxy) AND a network interface is attached to DNS Proxy. \n OR\n \n 2. The DNS server (Device \u003e Setup \u003e Services) configured on NGFW is a compromised public untrusted IP address.\n \n \n\nThe risk is higher if the interface is externally exposed to an untrusted network. Further documentation on configuring DNS Proxy can be found here (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK)."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:aws:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:azure:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7_12.1.4-h5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks an external reporter and our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePanorama, Cloud NGFW, and Prisma\u003cspan\u003e\u00ae\u003c/span\u003e Access are not impacted by this vulnerability.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).\n\n\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest for PA-Series hardware firewalls as there is a potential risk of arbitrary code execution"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is lower for VM-Series firewalls, as the impact is limited to a Denial of Service condition"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:40:36.602Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0264"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e Cloud NGFW\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eNo action needed\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.6\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h5 or 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h6 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h13 or 11.2.10 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h17 or 11.2.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h5 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h25 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h6 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h32 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h33 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h7 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h21 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h36 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h34 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e All older unsupported PAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e Upgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.10 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.7 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nPrisma Access No action needed. \nAll older unsupported PAN-OS versions Upgrade to a supported fixed version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial Publication."
}
],
"title": "PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers can mitigate the risk of this issue by taking either of the following actions:\u003cbr\u003e\u003cbr\u003eAction 1:\u0026nbsp;\u003cbr\u003e\u003cul\u003e\u003cli\u003eDisassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface;\u0026nbsp;\u003cb\u003eAND\u003c/b\u003e\u003c/li\u003e\u003cli\u003eConfigure DNS server with a RFC1918 or a public trusted IP address.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cb\u003eOR\u0026nbsp;\u003c/b\u003eAction 2:\u003cbr\u003e\u003cul\u003e\u003cli\u003eDisable the DNS Proxy feature (\u003cb\u003eNetwork\u003c/b\u003e\u0026nbsp;\u0026gt; \u003cb\u003eDNS\u003c/b\u003e\u0026nbsp;\u003cb\u003eProxy\u003c/b\u003e) if it is not being used;\u0026nbsp;\u003cb\u003eAND\u003c/b\u003e\u003c/li\u003e\u003cli\u003eConfigure DNS server with a RFC1918 or a public trusted IP address.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027\u0026nbsp;from\u0026nbsp;Applications and Threats content version 9100-10044 and later.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Customers can mitigate the risk of this issue by taking either of the following actions:\n\nAction 1: \n\n * Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface; AND\n * Configure DNS server with a RFC1918 or a public trusted IP address.\n \n\nOR Action 2:\n\n * Disable the DNS Proxy feature (Network \u003e DNS Proxy) if it is not being used; AND\n * Configure DNS server with a RFC1918 or a public trusted IP address.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027 from Applications and Threats content version 9100-10044 and later."
}
],
"x_affectedList": [
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0264",
"datePublished": "2026-05-13T17:40:36.602Z",
"dateReserved": "2025-11-03T20:44:24.711Z",
"dateUpdated": "2026-06-09T09:02:48.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0265 (GCVE-0-2026-0265)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:38 – Updated: 2026-06-09 09:02
VLAI
EPSS
Title
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
Summary
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
Severity
7.2 (High)
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0265 | vendor-advisory |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.7, 12.1.4-h5
(custom)
Affected: 11.2.0 , < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 (custom) Affected: 11.1.0 , < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 (custom) Affected: 10.2.0 , < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
Date Public
2026-05-13 16:00
Credits
Palo Alto Networks thanks Harsh Jaiswal from Hacktron AI and our internal security research teams for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T03:56:30.849776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T10:31:44.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:49.463Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.4-h5",
"status": "unaffected"
},
{
"at": "12.1.7",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.4-h17",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.12",
"status": "unaffected"
}
],
"lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.4-h33",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.15",
"status": "unaffected"
}
],
"lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.7-h34",
"status": "unaffected"
},
{
"at": "10.2.10-h36",
"status": "unaffected"
},
{
"at": "10.2.13-h21",
"status": "unaffected"
},
{
"at": "10.2.16-h7",
"status": "unaffected"
},
{
"at": "10.2.18-h6",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers are impacted if the following conditions are true:\u003c/p\u003e\u003col\u003e\u003cli\u003eAuthentication Profile with CAS is enabled \u003cb\u003eand\u003c/b\u003e\u003c/li\u003e\u003cli\u003eAuthentication profile is attached to a login interface.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eTo verify if you have CAS enabled, see our documentation on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/device/device-authentication-profile/configure-an-authentication-profile\"\u003eauthentication profile in management interface\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eTo verify if the CAS authentication profile is attached to your configurations in the PAN-OS management interface:\u003c/p\u003e\u003col\u003e\u003cli\u003eNavigate to \u003cb\u003eDevice\u003c/b\u003e\u0026nbsp;\u0026gt; \u003cb\u003eSetup\u003c/b\u003e\u0026nbsp;\u0026gt; \u003cb\u003eManagement\u003c/b\u003e\u0026nbsp;\u0026gt; \u003cb\u003eAuthentication Settings\u003c/b\u003e\u0026nbsp;\u0026gt; \u003cb\u003eAuthentication Profile\u003c/b\u003e.\u003c/li\u003e\u003cli\u003eNavigate to \u003cb\u003eDevice \u0026gt; User Identification \u0026gt; Authentication Portal Settings\u003c/b\u003e.\u003c/li\u003e\u003cli\u003eNavigate to \u003cb\u003eNetwork \u0026gt; Gateways \u0026gt; GlobalProtect Gateway Configuration\u003c/b\u003e.\u003c/li\u003e\u003cli\u003eNavigate to \u003cb\u003eNetwork \u0026gt; Portals \u0026gt; GlobalProtect Portal Configuration\u003c/b\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u003cp\u003eTo verify if the CAS authentication profile is attached to your configurations in the SCM profile:\u003c/p\u003e\u003col\u003e\u003cli\u003eNavigate to\u0026nbsp;\u003cb\u003eConfiguration \u0026gt; NGFW and Prisma Access\u003c/b\u003e in the SCM profile. Go to\u0026nbsp;\u003cb\u003eIdentity Services \u0026gt; Authentication \u0026gt; Authentication Profile\u003c/b\u003e.\u0026nbsp;\u0026nbsp;\u003c/li\u003e\u003cli\u003eNavigate to \u003cb\u003eDevice \u0026gt; Device Setup \u0026gt; Authentication and Accounting Settings \u0026gt; Authentication profile\u003c/b\u003e, and confirm the attached profile is set to CAS as auth method.\u003c/li\u003e\u003c/ol\u003e\u003c/div\u003e"
}
],
"value": "Customers are impacted if the following conditions are true:\n\n 1. Authentication Profile with CAS is enabled and\n 2. Authentication profile is attached to a login interface.\n\nTo verify if you have CAS enabled, see our documentation on authentication profile in management interface (https://docs.paloaltonetworks.com/ngfw/help/10-2/device/device-authentication-profile/configure-an-authentication-profile). \n\nTo verify if the CAS authentication profile is attached to your configurations in the PAN-OS management interface:\n\n 1. Navigate to Device \u003e Setup \u003e Management \u003e Authentication Settings \u003e Authentication Profile.\n 2. Navigate to Device \u003e User Identification \u003e Authentication Portal Settings.\n 3. Navigate to Network \u003e Gateways \u003e GlobalProtect Gateway Configuration.\n 4. Navigate to Network \u003e Portals \u003e GlobalProtect Portal Configuration.\n\nTo verify if the CAS authentication profile is attached to your configurations in the SCM profile:\n\n 1. Navigate to Configuration \u003e NGFW and Prisma Access in the SCM profile. Go to Identity Services \u003e Authentication \u003e Authentication Profile. \n 2. Navigate to Device \u003e Device Setup \u003e Authentication and Accounting Settings \u003e Authentication profile, and confirm the attached profile is set to CAS as auth method."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7_12.1.4-h5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "Palo Alto Networks thanks Harsh Jaiswal from Hacktron AI and our internal security research teams for discovering and reporting this issue."
}
],
"datePublic": "2026-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authentication bypass vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.\u003c/p\u003e\u003cp\u003eThe risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.\u003cbr\u003e\u003cbr\u003eThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma Access\u003cb\u003e\u003cspan\u003e\u00ae\u003c/span\u003e\u003c/b\u003e are not impacted by this vulnerability.\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.\n\n\n\nThe risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma Access\u00ae are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "If you configure restricted access to a jump box that is the only system allowed to access the management interface, you greatly reduce the risk of exploitation because attacks would require privileged access using only those IP addresses."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "If authentication profile with CAS is enabled on any other login based interface, the risk is lower."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:38:33.822Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0265"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.6\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h5 or 12.1.7 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h6 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h13 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h17 or 11.2.12 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 or later\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h5 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h25 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h6 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h32 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h33 or 11.1.15 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h7 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h21 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h36 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h34 or 10.2.18-h6 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older \u003cbr\u003eunsupported \u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nCloud NGFW No action needed.\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nAll older Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access No action needed."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-13T16:00:00.000Z",
"value": "Initial Publication."
}
],
"title": "PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePalo Alto Networks LIVEcommunity article: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePalo Alto Networks official and more detailed technical documentation: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\u003c/a\u003e\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo temporarily mitigate this issue, customers can disable the Cloud Authentication Service (CAS) by changing the associated authentication profile to SAML, RADIUS, or other supported authentication methods.\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510008 from Applications and Threats content version 9100-10044 and later. Threat ID 510008 depends on features present in PAN-OS 11.2 and above.\u003c/p\u003e\u003cspan\u003eTo ensure the Threat ID provides effective protection against this vulnerability, follow these steps\u003c/span\u003e:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e, e.g., enabling management profile on a DP interface for management access.\u0026nbsp;\u003c/li\u003e\u003cli\u003eEnsure that\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the default certificate for Inbound Traffic Management\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface so the firewall can inspect it\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003eEnable Threat Prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you haven\u2019t already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines. Specifically, you should restrict access to the management interface to only trusted internal IP addresses to prevent external access from the internet.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n * Palo Alto Networks LIVEcommunity article: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\n * Palo Alto Networks official and more detailed technical documentation: https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\nTo temporarily mitigate this issue, customers can disable the Cloud Authentication Service (CAS) by changing the associated authentication profile to SAML, RADIUS, or other supported authentication methods.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510008 from Applications and Threats content version 9100-10044 and later. Threat ID 510008 depends on features present in PAN-OS 11.2 and above.\n\nTo ensure the Threat ID provides effective protection against this vulnerability, follow these steps:\n\n * Route incoming traffic for the MGT port through a DP port (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba), e.g., enabling management profile on a DP interface for management access. \n * Ensure that vulnerability protection security profile is applied to your GlobalProtect interface (https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184). \n * Replace the default certificate for Inbound Traffic Management (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c). \n * Decrypt inbound traffic to the management interface so the firewall can inspect it (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2). \n * Enable Threat Prevention on the inbound traffic to management services."
}
],
"x_affectedList": [
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0265",
"datePublished": "2026-05-13T17:38:33.822Z",
"dateReserved": "2025-11-03T20:44:25.538Z",
"dateUpdated": "2026-06-09T09:02:49.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4439 (GCVE-0-2026-4439)
Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01
VLAI
EPSS
Summary
Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T04:01:30.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.153",
"status": "affected",
"version": "146.0.7680.153",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds memory access",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T01:34:43.403Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/475877320"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4439",
"datePublished": "2026-03-20T01:34:43.403Z",
"dateReserved": "2026-03-19T20:23:47.193Z",
"dateUpdated": "2026-03-21T04:01:30.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4440 (GCVE-0-2026-4440)
Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01
VLAI
EPSS
Summary
Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T04:01:31.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.153",
"status": "affected",
"version": "146.0.7680.153",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read and write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T01:34:44.077Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/485935305"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4440",
"datePublished": "2026-03-20T01:34:44.077Z",
"dateReserved": "2026-03-19T20:23:47.604Z",
"dateUpdated": "2026-03-21T04:01:31.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4441 (GCVE-0-2026-4441)
Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01
VLAI
EPSS
Summary
Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T04:01:24.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.153",
"status": "affected",
"version": "146.0.7680.153",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T01:34:44.671Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/489381399"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4441",
"datePublished": "2026-03-20T01:34:44.671Z",
"dateReserved": "2026-03-19T20:23:48.029Z",
"dateUpdated": "2026-03-21T04:01:24.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4442 (GCVE-0-2026-4442)
Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01
VLAI
EPSS
Summary
Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T04:01:23.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "146.0.7680.153",
"status": "affected",
"version": "146.0.7680.153",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T01:34:45.297Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://issues.chromium.org/issues/484751092"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-4442",
"datePublished": "2026-03-20T01:34:45.297Z",
"dateReserved": "2026-03-19T20:23:48.592Z",
"dateUpdated": "2026-03-21T04:01:23.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…