NCSC-2026-0227

Vulnerability from csaf_ncscnl - Published: 2026-07-13 08:27 - Updated: 2026-07-13 08:27
Summary
Kwetsbaarheden verholpen in Palo Alto Networks PAN-OS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Palo Alto Networks heeft meerdere kwetsbaarheden verholpen in PAN-OS software, specifiek in PA-Series en VM-Series firewalls, evenals Panorama management platforms.
Interpretaties: De kwetsbaarheden betreffen verschillende onderdelen van PAN-OS. - Er zijn meerdere cross-site scripting (XSS) kwetsbaarheden in de User-ID Authentication Portal, GlobalProtect gateway/portal en Clientless VPN modules, die ongeauthenticeerde aanvallers in staat stellen om willekeurige JavaScript-code uit te voeren. - Een IPv6-pakketverwerkingsfout maakt het mogelijk om firewall security policies te omzeilen, waardoor toegang tot normaal beschermde services mogelijk is. - Een informatielek laat een ongeauthenticeerde aanvaller met netwerktoegang tot de management webinterface toe om sessietokens te verkrijgen via een kwaadaardige link. - Daarnaast bestaat er een kwetsbaarheid waardoor ongeauthenticeerde aanvallers bestanden kunnen verwijderen uit een tijdelijke map via de management webinterface. - De Large Scale VPN (LSVPN) feature kent een authenticatie-omzeilingsfout, waarmee onbevoegden site-to-site VPN-verbindingen kunnen opzetten, en een XML-injectie die kan leiden tot ongeautoriseerde informatietoegang of datacorruptie. - Een server-side request forgery (SSRF) kwetsbaarheid maakt het mogelijk voor geauthenticeerde beheerders om ongeautoriseerde verzoeken naar interne services te sturen. - Verder is er een command injection kwetsbaarheid in de management plane die geauthenticeerde beheerders root-toegang tot het besturingssysteem kan geven. - Meerdere denial of service (DoS) kwetsbaarheden kunnen door ongeauthenticeerde aanvallers een firewall in onderhoudsmodus dwingen, wat de normale werking verstoort. - Tenslotte zijn er buffer overflow kwetsbaarheden in de User-ID Terminal Server Agent die DoS of remote code execution mogelijk maken. De Cloud NGFW en Prisma Access producten zijn niet getroffen door deze kwetsbaarheden. Beperking van toegang tot de management interface tot vertrouwde interne IP-adressen vermindert het risico op exploitatie.
Oplossingen: Palo Alto Networks heeft updates uitgebracht om de kwetsbaarheden in PAN-OS te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-131: Incorrect Calculation of Buffer Size
CWE-306: Missing Authentication for Critical Function
CWE-524: Use of Cache Containing Sensitive Information
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-787: Out-of-bounds Write
CWE-918: Server-Side Request Forgery (SSRF)

Multiple cross-site scripting vulnerabilities in Palo Alto Networks PAN-OS software's User-ID Authentication Portal, GlobalProtect gateway/portal, and Clientless VPN allow unauthenticated attackers to execute malicious JavaScript, affecting PA-Series, VM-Series firewalls, and Panorama but not Cloud NGFW.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

A vulnerability in Palo Alto Networks PAN-OS IPv6 packet processing allows unauthenticated attackers to bypass firewall security policies and access protected services, with Cloud NGFW and Panorama unaffected.

CWE-131 - Incorrect Calculation of Buffer Size
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

An information disclosure vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to obtain web session tokens if a legitimate user clicks a malicious link, affecting PA-Series, VM-Series firewalls, and Panorama.

CWE-524 - Use of Cache Containing Sensitive Information
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

A file deletion vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to delete files from a temporary directory, affecting PA-Series, VM-Series firewalls, and Panorama.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

An authentication bypass vulnerability in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS software enables attackers with network access to establish unauthorized site-to-site VPN connections, excluding Panorama, Cloud NGFW, and Prisma Access.

CWE-306 - Missing Authentication for Critical Function
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

An XML injection vulnerability in Palo Alto Networks PAN-OS Large Scale VPN feature allows unauthenticated network attackers to inject malicious XML, risking information disclosure or data corruption, while Panorama, Cloud NGFW, and Prisma Access remain unaffected.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators with management web interface access to make unauthorized internal service requests, with risk mitigated by restricting management interface access to trusted IPs.

CWE-918 - Server-Side Request Forgery (SSRF)
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

A command injection vulnerability in Palo Alto Networks PAN-OS management plane allows authenticated administrators to execute arbitrary root OS commands on PA-Series, VM-Series firewalls, and Panorama devices.

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS allow unauthenticated attackers with network access to cause a DoS condition and force the firewall into maintenance mode, with Panorama unaffected.

CWE-754 - Improper Check for Unusual or Exceptional Conditions
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent of Palo Alto Networks PAN-OS allow unauthenticated attackers to cause denial of service or execute arbitrary code, with Panorama unaffected and risk limited by internal IP restrictions.

CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
vers:unknown/*
Palo Alto Networks / PAN-OS
vers:unknown/*
vers:unknown/*
Palo Alto Networks / Panorama
vers:unknown/*

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Palo Alto Networks heeft meerdere kwetsbaarheden verholpen in PAN-OS software, specifiek in PA-Series en VM-Series firewalls, evenals Panorama management platforms.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden betreffen verschillende onderdelen van PAN-OS.\n- Er zijn meerdere cross-site scripting (XSS) kwetsbaarheden in de User-ID Authentication Portal, GlobalProtect gateway/portal en Clientless VPN modules, die ongeauthenticeerde aanvallers in staat stellen om willekeurige JavaScript-code uit te voeren.\n- Een IPv6-pakketverwerkingsfout maakt het mogelijk om firewall security policies te omzeilen, waardoor toegang tot normaal beschermde services mogelijk is.\n- Een informatielek laat een ongeauthenticeerde aanvaller met netwerktoegang tot de management webinterface toe om sessietokens te verkrijgen via een kwaadaardige link.\n- Daarnaast bestaat er een kwetsbaarheid waardoor ongeauthenticeerde aanvallers bestanden kunnen verwijderen uit een tijdelijke map via de management webinterface.\n- De Large Scale VPN (LSVPN) feature kent een authenticatie-omzeilingsfout, waarmee onbevoegden site-to-site VPN-verbindingen kunnen opzetten, en een XML-injectie die kan leiden tot ongeautoriseerde informatietoegang of datacorruptie.\n- Een server-side request forgery (SSRF) kwetsbaarheid maakt het mogelijk voor geauthenticeerde beheerders om ongeautoriseerde verzoeken naar interne services te sturen.\n- Verder is er een command injection kwetsbaarheid in de management plane die geauthenticeerde beheerders root-toegang tot het besturingssysteem kan geven.\n- Meerdere denial of service (DoS) kwetsbaarheden kunnen door ongeauthenticeerde aanvallers een firewall in onderhoudsmodus dwingen, wat de normale werking verstoort.\n- Tenslotte zijn er buffer overflow kwetsbaarheden in de User-ID Terminal Server Agent die DoS of remote code execution mogelijk maken.\n \nDe Cloud NGFW en Prisma Access producten zijn niet getroffen door deze kwetsbaarheden. Beperking van toegang tot de management interface tot vertrouwde interne IP-adressen vermindert het risico op exploitatie.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Palo Alto Networks heeft updates uitgebracht om de kwetsbaarheden in PAN-OS te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
        "title": "CWE-74"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Incorrect Calculation of Buffer Size",
        "title": "CWE-131"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      },
      {
        "category": "general",
        "text": "Use of Cache Containing Sensitive Information",
        "title": "CWE-524"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0279"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0280"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0281"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0282"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0283"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0284"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0285"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0286"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0287"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://security.paloaltonetworks.com/json/CVE-2026-0288"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Palo Alto Networks PAN-OS",
    "tracking": {
      "current_release_date": "2026-07-13T08:27:56.212302Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0227",
      "initial_release_date": "2026-07-13T08:27:56.212302Z",
      "revision_history": [
        {
          "date": "2026-07-13T08:27:56.212302Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "PAN-OS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Panorama"
          }
        ],
        "category": "vendor",
        "name": "Palo Alto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-0279",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "Multiple cross-site scripting vulnerabilities in Palo Alto Networks PAN-OS software\u0027s User-ID Authentication Portal, GlobalProtect gateway/portal, and Clientless VPN allow unauthenticated attackers to execute malicious JavaScript, affecting PA-Series, VM-Series firewalls, and Panorama but not Cloud NGFW.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0279 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0279.json"
        }
      ],
      "title": "CVE-2026-0279"
    },
    {
      "cve": "CVE-2026-0280",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Calculation of Buffer Size",
          "title": "CWE-131"
        },
        {
          "category": "description",
          "text": "A vulnerability in Palo Alto Networks PAN-OS IPv6 packet processing allows unauthenticated attackers to bypass firewall security policies and access protected services, with Cloud NGFW and Panorama unaffected.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0280 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0280.json"
        }
      ],
      "title": "CVE-2026-0280"
    },
    {
      "cve": "CVE-2026-0281",
      "cwe": {
        "id": "CWE-524",
        "name": "Use of Cache Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Cache Containing Sensitive Information",
          "title": "CWE-524"
        },
        {
          "category": "description",
          "text": "An information disclosure vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to obtain web session tokens if a legitimate user clicks a malicious link, affecting PA-Series, VM-Series firewalls, and Panorama.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0281 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0281.json"
        }
      ],
      "title": "CVE-2026-0281"
    },
    {
      "cve": "CVE-2026-0282",
      "notes": [
        {
          "category": "description",
          "text": "A file deletion vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to delete files from a temporary directory, affecting PA-Series, VM-Series firewalls, and Panorama.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0282 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0282.json"
        }
      ],
      "title": "CVE-2026-0282"
    },
    {
      "cve": "CVE-2026-0283",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "An authentication bypass vulnerability in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS software enables attackers with network access to establish unauthorized site-to-site VPN connections, excluding Panorama, Cloud NGFW, and Prisma Access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0283 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0283.json"
        }
      ],
      "title": "CVE-2026-0283"
    },
    {
      "cve": "CVE-2026-0284",
      "notes": [
        {
          "category": "description",
          "text": "An XML injection vulnerability in Palo Alto Networks PAN-OS Large Scale VPN feature allows unauthenticated network attackers to inject malicious XML, risking information disclosure or data corruption, while Panorama, Cloud NGFW, and Prisma Access remain unaffected.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0284 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0284.json"
        }
      ],
      "title": "CVE-2026-0284"
    },
    {
      "cve": "CVE-2026-0285",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators with management web interface access to make unauthorized internal service requests, with risk mitigated by restricting management interface access to trusted IPs.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0285 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0285.json"
        }
      ],
      "title": "CVE-2026-0285"
    },
    {
      "cve": "CVE-2026-0286",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "description",
          "text": "A command injection vulnerability in Palo Alto Networks PAN-OS management plane allows authenticated administrators to execute arbitrary root OS commands on PA-Series, VM-Series firewalls, and Panorama devices.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0286 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0286.json"
        }
      ],
      "title": "CVE-2026-0286"
    },
    {
      "cve": "CVE-2026-0287",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "description",
          "text": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS allow unauthenticated attackers with network access to cause a DoS condition and force the firewall into maintenance mode, with Panorama unaffected.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0287 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0287.json"
        }
      ],
      "title": "CVE-2026-0287"
    },
    {
      "cve": "CVE-2026-0288",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent of Palo Alto Networks PAN-OS allow unauthenticated attackers to cause denial of service or execute arbitrary code, with Panorama unaffected and risk limited by internal IP restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0288 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0288.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-0288"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…