Common Weakness Enumeration

CWE-787

Allowed-with-Review

Out-of-bounds Write

Abstraction: Base · Status: Draft

The product writes data past the end, or before the beginning, of the intended buffer.

15096 vulnerabilities reference this CWE, most recent first.

CVE-2026-0875 (GCVE-0-2026-0875)

Vulnerability from cvelistv5 – Published: 2026-02-18 19:39 – Updated: 2026-05-08 18:27
VLAI
Title
MODEL File Parsing Out-of-Bounds Write
Summary
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk Shared Components Affected: 1.9.0.7 , < 1.10.0.4 (custom)
    cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0875",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-19T04:55:51.947581Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:15.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Shared Components",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "1.10.0.4",
              "status": "affected",
              "version": "1.9.0.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-08T18:27:50.946Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MODEL File Parsing Out-of-Bounds Write",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0875",
    "datePublished": "2026-02-18T19:39:27.111Z",
    "dateReserved": "2026-01-13T12:37:27.702Z",
    "dateUpdated": "2026-05-08T18:27:50.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0874 (GCVE-0-2026-0874)

Vulnerability from cvelistv5 – Published: 2026-02-18 19:38 – Updated: 2026-05-08 18:27
VLAI
Title
CATPART File Parsing Out-of-Bounds Write
Summary
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk Shared Components Affected: 1.9.0.7 , < 1.10.0.4 (custom)
    cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-19T04:55:51.174857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:15.903Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Shared Components",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "1.10.0.4",
              "status": "affected",
              "version": "1.9.0.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-08T18:27:20.652Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CATPART File Parsing Out-of-Bounds Write",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0874",
    "datePublished": "2026-02-18T19:38:32.639Z",
    "dateReserved": "2026-01-13T12:36:42.762Z",
    "dateUpdated": "2026-05-08T18:27:20.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0819 (GCVE-0-2026-0819)

Vulnerability from cvelistv5 – Published: 2026-03-19 16:54 – Updated: 2026-03-19 17:19
VLAI
Title
Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
Summary
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7->signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
wolfSSL wolfSSL Affected: 5.5.0 , < 5.9.0 (semver)
Create a notification for this product.
Credits
Maor Caplan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-19T17:19:26.928139Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-19T17:19:37.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "wolfcrypt PKCS7"
          ],
          "product": "wolfSSL",
          "programFiles": [
            "wolfcrypt/src/pkcs7.c"
          ],
          "programRoutines": [
            {
              "name": "wc_PKCS7_EncodeSignedData()"
            }
          ],
          "repo": "https://github.com/wolfSSL/wolfssl",
          "vendor": "wolfSSL",
          "versions": [
            {
              "lessThan": "5.9.0",
              "status": "affected",
              "version": "5.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maor Caplan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA stack buffer overflow vulnerability exists in wolfSSL\u0027s PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd-\u0026gt;signedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7-\u0026gt;signedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions.\u003c/p\u003e"
            }
          ],
          "value": "A stack buffer overflow vulnerability exists in wolfSSL\u0027s PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd-\u003esignedAttribsCount) to EncodeAttributes() instead of the remaining available space in the fixed-size signedAttribs[7] array. When an application sets pkcs7-\u003esignedAttribsSz to a value greater than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default attributes already added, EncodeAttributes() writes beyond the array bounds, causing stack memory corruption. In WOLFSSL_SMALL_STACK builds, this becomes heap corruption. Exploitation requires an application that allows untrusted input to control the signedAttribs array size when calling wc_PKCS7_EncodeSignedData() or related signing functions."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T16:54:33.442Z",
        "orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
        "shortName": "wolfSSL"
      },
      "references": [
        {
          "name": "GitHub Pull Request",
          "url": "https://github.com/wolfSSL/wolfssl/pull/9630"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate to the patched version of wolfSSL. The fix adds proper bounds checking in wc_PKCS7_BuildSignedAttributes() to validate that the number of custom signed attributes does not exceed the available space in the fixed-size signedAttribs array, returning BUFFER_E if the limit is exceeded.\u003c/p\u003e"
            }
          ],
          "value": "Update to the patched version of wolfSSL. The fix adds proper bounds checking in wc_PKCS7_BuildSignedAttributes() to validate that the number of custom signed attributes does not exceed the available space in the fixed-size signedAttribs array, returning BUFFER_E if the limit is exceeded."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEnsure that applications using wolfSSL PKCS7 signing functionality validate and limit the number of custom signed attributes (signedAttribsSz) to no more than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default signed attributes enabled. Do not allow untrusted input to control the signedAttribs array or its size.\u003c/p\u003e"
            }
          ],
          "value": "Ensure that applications using wolfSSL PKCS7 signing functionality validate and limit the number of custom signed attributes (signedAttribsSz) to no more than MAX_SIGNED_ATTRIBS_SZ (default 7) minus the number of default signed attributes enabled. Do not allow untrusted input to control the signedAttribs array or its size."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
    "assignerShortName": "wolfSSL",
    "cveId": "CVE-2026-0819",
    "datePublished": "2026-03-19T16:54:33.442Z",
    "dateReserved": "2026-01-09T17:04:43.340Z",
    "dateUpdated": "2026-03-19T17:19:37.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0665 (GCVE-0-2026-0665)

Vulnerability from cvelistv5 – Published: 2026-02-18 20:50 – Updated: 2026-02-18 21:27
VLAI
Title
Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq
Summary
An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-0665 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2428640 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 8.0.0 , ≤ 10.2.0 (semver)
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Date Public
2026-01-09 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0665",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-18T21:26:51.744252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-18T21:27:14.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/qemu-project/qemu",
          "defaultStatus": "unaffected",
          "packageName": "qemu",
          "versions": [
            {
              "lessThanOrEqual": "10.2.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm-ma",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:rhel/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An off-by-one error was found in QEMU\u0027s KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T20:50:03.724Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-0665"
        },
        {
          "name": "RHBZ#2428640",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428640"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-12T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-01-09T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2026-0665",
    "datePublished": "2026-02-18T20:50:03.724Z",
    "dateReserved": "2026-01-07T12:09:11.643Z",
    "dateUpdated": "2026-02-18T21:27:14.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0661 (GCVE-0-2026-0661)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:27 – Updated: 2026-06-03 13:37
VLAI
Title
Out-of-Bounds Write in RGB File Parsing
Summary
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
    cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T04:55:23.983770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:19.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "3ds Max",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2026.3.2",
              "status": "affected",
              "version": "2026",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T13:37:43.942Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Out-of-Bounds Write in RGB File Parsing",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0661",
    "datePublished": "2026-02-04T16:27:13.416Z",
    "dateReserved": "2026-01-06T19:58:23.903Z",
    "dateUpdated": "2026-06-03T13:37:43.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0659 (GCVE-0-2026-0659)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:01 – Updated: 2026-02-26 15:04
VLAI
Title
USD File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk USD for Arnold Affected: 7.4.4.1 , < 7.4.4.2 (custom)
    cpe:2.3:a:autodesk:usd_for_arnold:arnold_usd_7.4.4.1:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Arnold Affected: 7.4.4.1 , < 7.4.4.2 (custom)
    cpe:2.3:a:autodesk:arnold:7.4.4.2:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk 3ds Max Affected: 2026.2 , < 2026.3.2 (custom)
    cpe:2.3:a:autodesk:3ds_max:2026.2:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T04:55:25.642059Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:20.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:usd_for_arnold:arnold_usd_7.4.4.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "USD for Arnold",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "7.4.4.2",
              "status": "affected",
              "version": "7.4.4.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:arnold:7.4.4.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Arnold",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "7.4.4.2",
              "status": "affected",
              "version": "7.4.4.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:3ds_max:2026.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "3ds Max",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2026.3.2",
              "status": "affected",
              "version": "2026.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:01:27.307Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/Autodesk/arnold-usd"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0003"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "USD File Parsing Out-of-Bounds Write Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0659",
    "datePublished": "2026-02-04T16:01:27.307Z",
    "dateReserved": "2026-01-06T19:58:21.363Z",
    "dateUpdated": "2026-02-26T15:04:20.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0538 (GCVE-0-2026-0538)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:24 – Updated: 2026-06-03 13:33
VLAI
Title
GIF File Parsing Out-of-Bounds Write
Summary
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
    cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T04:55:21.365758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:20.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "3ds Max",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2026.3.2",
              "status": "affected",
              "version": "2026",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T13:33:18.853Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GIF File Parsing Out-of-Bounds Write",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0538",
    "datePublished": "2026-02-04T16:24:36.976Z",
    "dateReserved": "2025-12-23T07:18:10.337Z",
    "dateUpdated": "2026-06-03T13:33:18.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0537 (GCVE-0-2026-0537)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:26 – Updated: 2026-06-03 13:31
VLAI
Title
RGB File Parsing Memory Corruption
Summary
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
    cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T04:55:23.158110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:19.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "3ds Max",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2026.3.2",
              "status": "affected",
              "version": "2026",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T13:31:03.149Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "RGB File Parsing Memory Corruption",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0537",
    "datePublished": "2026-02-04T16:26:01.689Z",
    "dateReserved": "2025-12-23T07:17:33.132Z",
    "dateUpdated": "2026-06-03T13:31:03.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0536 (GCVE-0-2026-0536)

Vulnerability from cvelistv5 – Published: 2026-02-04 18:12 – Updated: 2026-02-26 15:04
VLAI
Title
GIF File Parsing Stack Based Buffer Overflow
Summary
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
    cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T04:55:18.332251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:18.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "3ds Max",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2026.3.2",
              "status": "affected",
              "version": "2026",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T18:31:40.462Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GIF File Parsing Stack Based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2026-0536",
    "datePublished": "2026-02-04T18:12:56.985Z",
    "dateReserved": "2025-12-23T07:15:48.479Z",
    "dateUpdated": "2026-02-26T15:04:18.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0300 (GCVE-0-2026-0300)

Vulnerability from cvelistv5 – Published: 2026-05-06 18:57 – Updated: 2026-07-14 12:45
VLAI
Title
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
Summary
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Palo Alto Networks Cloud NGFW Unaffected: All (custom)
Create a notification for this product.
Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.7 (custom)
Affected: 11.2.0 , < 11.2.12 (custom)
Affected: 11.1.0 , < 11.1.15 (custom)
Affected: 10.2.0 , < 10.2.18-h6 (custom)
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
Create a notification for this product.
Palo Alto Networks Prisma Access Unaffected: All (custom)
Create a notification for this product.
Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
Create a notification for this product.
Date Public
2026-05-05 23:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0300",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-05-06",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T03:55:34.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-06T00:00:00.000Z",
            "value": "CVE-2026-0300 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM APE1808",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-14T12:45:19.808Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-967325.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.1.7",
                  "status": "unaffected"
                },
                {
                  "at": "12.1.4-h5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12.1.7",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.2.12",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.10-h6",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.7-h13",
                  "status": "unaffected"
                },
                {
                  "at": "11.2.4-h17",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.2.12",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "11.1.15",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.13-h5",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.10-h25",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.7-h6",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.6-h32",
                  "status": "unaffected"
                },
                {
                  "at": "11.1.4-h33",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.1.15",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.18-h6",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.16-h7",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.13-h21",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.10-h36",
                  "status": "unaffected"
                },
                {
                  "at": "10.2.7-h34",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.18-h6",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID\u2122 Authentication Portal.\u003cbr\u003e\u003cbr\u003eCustomers are impacted if both of the following conditions are true:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eUser-ID\u2122 Authentication Portal configured in the User-ID\u2122 Authentication Portal Settings page.  You can verify the configuration by going to Device \u0026gt; User Identification \u0026gt; Authentication Portal Settings -\u0026gt; Enable Authentication Portal (applies to both transparent and redirect modes) \u003cb\u003eand\u003c/b\u003e\u003c/li\u003e\u003cli\u003eAn interface management profile with response pages enabled and associated with an external/internet-accessible interface.  You can verify the configuration by going to Network \u0026gt; Interface \u0026gt; Select the interface \u0026gt; Advanced Tab \u0026gt; Create Management Interface Profile.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID\u2122 Authentication Portal.\n\nCustomers are impacted if both of the following conditions are true:\n\n\n * User-ID\u2122 Authentication Portal configured in the User-ID\u2122 Authentication Portal Settings page. You can verify the configuration by going to Device \u003e User Identification \u003e Authentication Portal Settings -\u003e Enable Authentication Portal (applies to both transparent and redirect modes) and\n * An interface management profile with response pages enabled and associated with an external/internet-accessible interface. You can verify the configuration by going to Network \u003e Interface \u003e Select the interface \u003e Advanced Tab \u003e Create Management Interface Profile."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "12.1.4-h5",
                  "versionStartIncluding": "12.1.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "12.1.7",
                  "versionStartIncluding": "12.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.4-h17",
                  "versionStartIncluding": "11.2.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.7-h13",
                  "versionStartIncluding": "11.2.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.10-h6",
                  "versionStartIncluding": "11.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2.12",
                  "versionStartIncluding": "11.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.4-h33",
                  "versionStartIncluding": "11.1.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.6-h32",
                  "versionStartIncluding": "11.1.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.7-h6",
                  "versionStartIncluding": "11.1.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.10-h25",
                  "versionStartIncluding": "11.1.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.13-h5",
                  "versionStartIncluding": "11.1.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.1.15",
                  "versionStartIncluding": "11.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.7-h34",
                  "versionStartIncluding": "10.2.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.10-h36",
                  "versionStartIncluding": "10.2.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.13-h21",
                  "versionStartIncluding": "10.2.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.16-h7",
                  "versionStartIncluding": "10.2.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2.18-h6",
                  "versionStartIncluding": "10.2.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2026-05-05T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. \u003cbr\u003e\u003cbr\u003eThe risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC\"\u003ebest practice guidelines\u003c/a\u003e by restricting access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003ePrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. \u003c/p\u003e"
            }
          ],
          "value": "A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. \n\nThe risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the  best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail  by restricting access to only trusted internal IP addresses.\n\nPrisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Limited exploitation has been observed targeting Palo Alto Networks User-ID\u2122 Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk."
            }
          ],
          "value": "Limited exploitation has been observed targeting Palo Alto Networks User-ID\u2122 Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "ATTACKED",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "The risk is highest when you configure the User-ID\u2122 Authentication Portal to enable access from the Internet or any untrusted network."
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "ATTACKED",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "You can greatly reduce the risk of exploitation by restricting User-ID\u2122 Authentication Portal access to only trusted internal IP addresses and preventing its exposure to the internet."
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T22:09:48.796Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2026-0300"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue will be fixed in upcoming releases of PAN-OS as captured in the table above.\u003cbr\u003e\u003cbr\u003eWe strongly recommend that you secure access to your User-ID\u2122 Authentication Portal following the instructions in the workarounds section below."
            }
          ],
          "value": "This issue will be fixed in upcoming releases of PAN-OS as captured in the table above.\n\nWe strongly recommend that you secure access to your User-ID\u2122 Authentication Portal following the instructions in the workarounds section below."
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-06T17:27:00.000Z",
          "value": "Updated with Threat Prevention ID and clarified the Required Configuration section."
        },
        {
          "lang": "en",
          "time": "2026-05-05T23:00:00.000Z",
          "value": "Initial publication."
        }
      ],
      "title": "PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID\u2122 Authentication Portal",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers can mitigate the risk of this issue by taking either of the following actions:\u003cbr\u003e\u003cul\u003e\u003cli\u003eRestrict User-ID\u2122 Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users\u0027 browsers ingress. Refer to Step 6 of the following \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286\"\u003eLive Community article\u003c/a\u003e and \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC\"\u003eKnowledgebase article\u003c/a\u003e for steps to restrict access.\u003cbr\u003e\u003c/li\u003e\u003cli\u003eDisable User-ID\u2122 Authentication Portal if not required.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID\u0026nbsp;510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support."
            }
          ],
          "value": "Customers can mitigate the risk of this issue by taking either of the following actions:\n\n * Restrict User-ID\u2122 Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users\u0027 browsers ingress. Refer to Step 6 of the following Live Community article (https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286) and Knowledgebase article (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC) for steps to restrict access.\n   \n * Disable User-ID\u2122 Authentication Portal if not required.\n   \n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support."
        }
      ],
      "x_affectedList": [
        "PAN-OS 12.1.6",
        "PAN-OS 12.1.5",
        "PAN-OS 12.1.4-h3",
        "PAN-OS 12.1.4-h2",
        "PAN-OS 12.1.4",
        "PAN-OS 12.1.3-h3",
        "PAN-OS 12.1.3-h1",
        "PAN-OS 12.1.3",
        "PAN-OS 12.1.2",
        "PAN-OS 11.2.11",
        "PAN-OS 11.2.10-h4",
        "PAN-OS 11.2.10-h3",
        "PAN-OS 11.2.10-h2",
        "PAN-OS 11.2.10-h1",
        "PAN-OS 11.2.10",
        "PAN-OS 11.2.9",
        "PAN-OS 11.2.8",
        "PAN-OS 11.2.7-h11",
        "PAN-OS 11.2.7-h10",
        "PAN-OS 11.2.7-h8",
        "PAN-OS 11.2.7-h7",
        "PAN-OS 11.2.7-h4",
        "PAN-OS 11.2.7-h3",
        "PAN-OS 11.2.7-h2",
        "PAN-OS 11.2.7-h1",
        "PAN-OS 11.2.7",
        "PAN-OS 11.2.6",
        "PAN-OS 11.2.5",
        "PAN-OS 11.2.4-h15",
        "PAN-OS 11.2.4-h14",
        "PAN-OS 11.2.4-h12",
        "PAN-OS 11.2.4-h11",
        "PAN-OS 11.2.4-h10",
        "PAN-OS 11.2.4-h9",
        "PAN-OS 11.2.4-h8",
        "PAN-OS 11.2.4-h7",
        "PAN-OS 11.2.4-h6",
        "PAN-OS 11.2.4-h5",
        "PAN-OS 11.2.4-h4",
        "PAN-OS 11.2.4-h3",
        "PAN-OS 11.2.4-h2",
        "PAN-OS 11.2.4-h1",
        "PAN-OS 11.2.4",
        "PAN-OS 11.2.3-h5",
        "PAN-OS 11.2.3-h4",
        "PAN-OS 11.2.3-h3",
        "PAN-OS 11.2.3-h2",
        "PAN-OS 11.2.3-h1",
        "PAN-OS 11.2.3",
        "PAN-OS 11.2.2-h2",
        "PAN-OS 11.2.2-h1",
        "PAN-OS 11.2.1-h1",
        "PAN-OS 11.2.1",
        "PAN-OS 11.2.0-h1",
        "PAN-OS 11.2.0",
        "PAN-OS 11.1.13-h3",
        "PAN-OS 11.1.13-h2",
        "PAN-OS 11.1.13-h1",
        "PAN-OS 11.1.13",
        "PAN-OS 11.1.12",
        "PAN-OS 11.1.11",
        "PAN-OS 11.1.10-h21",
        "PAN-OS 11.1.10-h12",
        "PAN-OS 11.1.10-h10",
        "PAN-OS 11.1.10-h9",
        "PAN-OS 11.1.10-h7",
        "PAN-OS 11.1.10-h5",
        "PAN-OS 11.1.10-h4",
        "PAN-OS 11.1.10-h1",
        "PAN-OS 11.1.10",
        "PAN-OS 11.1.9",
        "PAN-OS 11.1.8",
        "PAN-OS 11.1.6-h29",
        "PAN-OS 11.1.6-h25",
        "PAN-OS 11.1.6-h23",
        "PAN-OS 11.1.6-h22",
        "PAN-OS 11.1.6-h21",
        "PAN-OS 11.1.6-h20",
        "PAN-OS 11.1.6-h19",
        "PAN-OS 11.1.6-h18",
        "PAN-OS 11.1.6-h17",
        "PAN-OS 11.1.6-h14",
        "PAN-OS 11.1.6-h10",
        "PAN-OS 11.1.6-h7",
        "PAN-OS 11.1.6-h6",
        "PAN-OS 11.1.6-h4",
        "PAN-OS 11.1.6-h3",
        "PAN-OS 11.1.6-h2",
        "PAN-OS 11.1.6-h1",
        "PAN-OS 11.1.6",
        "PAN-OS 11.1.5-h1",
        "PAN-OS 11.1.5",
        "PAN-OS 11.1.4-h27",
        "PAN-OS 11.1.4-h25",
        "PAN-OS 11.1.4-h18",
        "PAN-OS 11.1.4-h17",
        "PAN-OS 11.1.4-h15",
        "PAN-OS 11.1.4-h13",
        "PAN-OS 11.1.4-h12",
        "PAN-OS 11.1.4-h11",
        "PAN-OS 11.1.4-h10",
        "PAN-OS 11.1.4-h9",
        "PAN-OS 11.1.4-h8",
        "PAN-OS 11.1.4-h7",
        "PAN-OS 11.1.4-h6",
        "PAN-OS 11.1.4-h5",
        "PAN-OS 11.1.4-h4",
        "PAN-OS 11.1.4-h3",
        "PAN-OS 11.1.4-h2",
        "PAN-OS 11.1.4-h1",
        "PAN-OS 11.1.4",
        "PAN-OS 11.1.3-h13",
        "PAN-OS 11.1.3-h12",
        "PAN-OS 11.1.3-h11",
        "PAN-OS 11.1.3-h10",
        "PAN-OS 11.1.3-h9",
        "PAN-OS 11.1.3-h8",
        "PAN-OS 11.1.3-h7",
        "PAN-OS 11.1.3-h6",
        "PAN-OS 11.1.3-h5",
        "PAN-OS 11.1.3-h4",
        "PAN-OS 11.1.3-h3",
        "PAN-OS 11.1.3-h2",
        "PAN-OS 11.1.3-h1",
        "PAN-OS 11.1.3",
        "PAN-OS 11.1.2-h18",
        "PAN-OS 11.1.2-h17",
        "PAN-OS 11.1.2-h16",
        "PAN-OS 11.1.2-h15",
        "PAN-OS 11.1.2-h14",
        "PAN-OS 11.1.2-h13",
        "PAN-OS 11.1.2-h12",
        "PAN-OS 11.1.2-h11",
        "PAN-OS 11.1.2-h10",
        "PAN-OS 11.1.2-h9",
        "PAN-OS 11.1.2-h8",
        "PAN-OS 11.1.2-h7",
        "PAN-OS 11.1.2-h6",
        "PAN-OS 11.1.2-h5",
        "PAN-OS 11.1.2-h4",
        "PAN-OS 11.1.2-h3",
        "PAN-OS 11.1.2-h2",
        "PAN-OS 11.1.2-h1",
        "PAN-OS 11.1.2",
        "PAN-OS 11.1.1-h2",
        "PAN-OS 11.1.1-h1",
        "PAN-OS 11.1.1",
        "PAN-OS 11.1.0-h4",
        "PAN-OS 11.1.0-h3",
        "PAN-OS 11.1.0-h2",
        "PAN-OS 11.1.0-h1",
        "PAN-OS 11.1.0",
        "PAN-OS 10.2.18-h1",
        "PAN-OS 10.2.18",
        "PAN-OS 10.2.17",
        "PAN-OS 10.2.16-h6",
        "PAN-OS 10.2.16-h4",
        "PAN-OS 10.2.16-h1",
        "PAN-OS 10.2.16",
        "PAN-OS 10.2.15",
        "PAN-OS 10.2.14-h1",
        "PAN-OS 10.2.14",
        "PAN-OS 10.2.13-h18",
        "PAN-OS 10.2.13-h16",
        "PAN-OS 10.2.13-h15",
        "PAN-OS 10.2.13-h10",
        "PAN-OS 10.2.13-h7",
        "PAN-OS 10.2.13-h5",
        "PAN-OS 10.2.13-h4",
        "PAN-OS 10.2.13-h3",
        "PAN-OS 10.2.13-h2",
        "PAN-OS 10.2.13-h1",
        "PAN-OS 10.2.13",
        "PAN-OS 10.2.12-h6",
        "PAN-OS 10.2.12-h5",
        "PAN-OS 10.2.12-h4",
        "PAN-OS 10.2.12-h3",
        "PAN-OS 10.2.12-h2",
        "PAN-OS 10.2.12-h1",
        "PAN-OS 10.2.12",
        "PAN-OS 10.2.11-h13",
        "PAN-OS 10.2.11-h12",
        "PAN-OS 10.2.11-h11",
        "PAN-OS 10.2.11-h10",
        "PAN-OS 10.2.11-h9",
        "PAN-OS 10.2.11-h8",
        "PAN-OS 10.2.11-h7",
        "PAN-OS 10.2.11-h6",
        "PAN-OS 10.2.11-h5",
        "PAN-OS 10.2.11-h4",
        "PAN-OS 10.2.11-h3",
        "PAN-OS 10.2.11-h2",
        "PAN-OS 10.2.11-h1",
        "PAN-OS 10.2.11",
        "PAN-OS 10.2.10-h31",
        "PAN-OS 10.2.10-h30",
        "PAN-OS 10.2.10-h27",
        "PAN-OS 10.2.10-h26",
        "PAN-OS 10.2.10-h23",
        "PAN-OS 10.2.10-h21",
        "PAN-OS 10.2.10-h18",
        "PAN-OS 10.2.10-h17",
        "PAN-OS 10.2.10-h14",
        "PAN-OS 10.2.10-h13",
        "PAN-OS 10.2.10-h12",
        "PAN-OS 10.2.10-h11",
        "PAN-OS 10.2.10-h10",
        "PAN-OS 10.2.10-h9",
        "PAN-OS 10.2.10-h8",
        "PAN-OS 10.2.10-h7",
        "PAN-OS 10.2.10-h6",
        "PAN-OS 10.2.10-h5",
        "PAN-OS 10.2.10-h4",
        "PAN-OS 10.2.10-h3",
        "PAN-OS 10.2.10-h2",
        "PAN-OS 10.2.10-h1",
        "PAN-OS 10.2.10",
        "PAN-OS 10.2.9-h21",
        "PAN-OS 10.2.9-h20",
        "PAN-OS 10.2.9-h19",
        "PAN-OS 10.2.9-h18",
        "PAN-OS 10.2.9-h17",
        "PAN-OS 10.2.9-h16",
        "PAN-OS 10.2.9-h15",
        "PAN-OS 10.2.9-h14",
        "PAN-OS 10.2.9-h13",
        "PAN-OS 10.2.9-h12",
        "PAN-OS 10.2.9-h11",
        "PAN-OS 10.2.9-h10",
        "PAN-OS 10.2.9-h9",
        "PAN-OS 10.2.9-h8",
        "PAN-OS 10.2.9-h7",
        "PAN-OS 10.2.9-h6",
        "PAN-OS 10.2.9-h5",
        "PAN-OS 10.2.9-h4",
        "PAN-OS 10.2.9-h3",
        "PAN-OS 10.2.9-h2",
        "PAN-OS 10.2.9-h1",
        "PAN-OS 10.2.9",
        "PAN-OS 10.2.8-h21",
        "PAN-OS 10.2.8-h20",
        "PAN-OS 10.2.8-h19",
        "PAN-OS 10.2.8-h18",
        "PAN-OS 10.2.8-h17",
        "PAN-OS 10.2.8-h16",
        "PAN-OS 10.2.8-h15",
        "PAN-OS 10.2.8-h14",
        "PAN-OS 10.2.8-h13",
        "PAN-OS 10.2.8-h12",
        "PAN-OS 10.2.8-h11",
        "PAN-OS 10.2.8-h10",
        "PAN-OS 10.2.8-h9",
        "PAN-OS 10.2.8-h8",
        "PAN-OS 10.2.8-h7",
        "PAN-OS 10.2.8-h6",
        "PAN-OS 10.2.8-h5",
        "PAN-OS 10.2.8-h4",
        "PAN-OS 10.2.8-h3",
        "PAN-OS 10.2.8-h2",
        "PAN-OS 10.2.8-h1",
        "PAN-OS 10.2.8",
        "PAN-OS 10.2.7-h32",
        "PAN-OS 10.2.7-h24",
        "PAN-OS 10.2.7-h23",
        "PAN-OS 10.2.7-h22",
        "PAN-OS 10.2.7-h21",
        "PAN-OS 10.2.7-h20",
        "PAN-OS 10.2.7-h19",
        "PAN-OS 10.2.7-h18",
        "PAN-OS 10.2.7-h17",
        "PAN-OS 10.2.7-h16",
        "PAN-OS 10.2.7-h15",
        "PAN-OS 10.2.7-h14",
        "PAN-OS 10.2.7-h13",
        "PAN-OS 10.2.7-h12",
        "PAN-OS 10.2.7-h11",
        "PAN-OS 10.2.7-h10",
        "PAN-OS 10.2.7-h9",
        "PAN-OS 10.2.7-h8",
        "PAN-OS 10.2.7-h7",
        "PAN-OS 10.2.7-h6",
        "PAN-OS 10.2.7-h5",
        "PAN-OS 10.2.7-h4",
        "PAN-OS 10.2.7-h3",
        "PAN-OS 10.2.7-h2",
        "PAN-OS 10.2.7-h1",
        "PAN-OS 10.2.7",
        "PAN-OS 10.2.6-h6",
        "PAN-OS 10.2.6-h5",
        "PAN-OS 10.2.6-h4",
        "PAN-OS 10.2.6-h3",
        "PAN-OS 10.2.6-h2",
        "PAN-OS 10.2.6-h1",
        "PAN-OS 10.2.6",
        "PAN-OS 10.2.5-h9",
        "PAN-OS 10.2.5-h8",
        "PAN-OS 10.2.5-h7",
        "PAN-OS 10.2.5-h6",
        "PAN-OS 10.2.5-h5",
        "PAN-OS 10.2.5-h4",
        "PAN-OS 10.2.5-h3",
        "PAN-OS 10.2.5-h2",
        "PAN-OS 10.2.5-h1",
        "PAN-OS 10.2.5",
        "PAN-OS 10.2.4-h32",
        "PAN-OS 10.2.4-h31",
        "PAN-OS 10.2.4-h30",
        "PAN-OS 10.2.4-h29",
        "PAN-OS 10.2.4-h28",
        "PAN-OS 10.2.4-h27",
        "PAN-OS 10.2.4-h26",
        "PAN-OS 10.2.4-h25",
        "PAN-OS 10.2.4-h24",
        "PAN-OS 10.2.4-h23",
        "PAN-OS 10.2.4-h22",
        "PAN-OS 10.2.4-h21",
        "PAN-OS 10.2.4-h20",
        "PAN-OS 10.2.4-h19",
        "PAN-OS 10.2.4-h18",
        "PAN-OS 10.2.4-h17",
        "PAN-OS 10.2.4-h16",
        "PAN-OS 10.2.4-h15",
        "PAN-OS 10.2.4-h14",
        "PAN-OS 10.2.4-h13",
        "PAN-OS 10.2.4-h12",
        "PAN-OS 10.2.4-h11",
        "PAN-OS 10.2.4-h10",
        "PAN-OS 10.2.4-h9",
        "PAN-OS 10.2.4-h8",
        "PAN-OS 10.2.4-h7",
        "PAN-OS 10.2.4-h6",
        "PAN-OS 10.2.4-h5",
        "PAN-OS 10.2.4-h4",
        "PAN-OS 10.2.4-h3",
        "PAN-OS 10.2.4-h2",
        "PAN-OS 10.2.4-h1",
        "PAN-OS 10.2.4",
        "PAN-OS 10.2.3-h14",
        "PAN-OS 10.2.3-h13",
        "PAN-OS 10.2.3-h12",
        "PAN-OS 10.2.3-h11",
        "PAN-OS 10.2.3-h10",
        "PAN-OS 10.2.3-h9",
        "PAN-OS 10.2.3-h8",
        "PAN-OS 10.2.3-h7",
        "PAN-OS 10.2.3-h6",
        "PAN-OS 10.2.3-h5",
        "PAN-OS 10.2.3-h4",
        "PAN-OS 10.2.3-h3",
        "PAN-OS 10.2.3-h2",
        "PAN-OS 10.2.3-h1",
        "PAN-OS 10.2.3",
        "PAN-OS 10.2.2-h6",
        "PAN-OS 10.2.2-h5",
        "PAN-OS 10.2.2-h4",
        "PAN-OS 10.2.2-h3",
        "PAN-OS 10.2.2-h2",
        "PAN-OS 10.2.2-h1",
        "PAN-OS 10.2.2",
        "PAN-OS 10.2.1-h3",
        "PAN-OS 10.2.1-h2",
        "PAN-OS 10.2.1-h1",
        "PAN-OS 10.2.1",
        "PAN-OS 10.2.0-h4",
        "PAN-OS 10.2.0-h3",
        "PAN-OS 10.2.0-h2",
        "PAN-OS 10.2.0-h1",
        "PAN-OS 10.2.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2026-0300",
    "datePublished": "2026-05-06T18:57:39.876Z",
    "dateReserved": "2025-11-03T20:44:58.173Z",
    "dateUpdated": "2026-07-14T12:45:19.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
  • Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation MIT-4.1
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-9
Implementation
  • Consider adhering to the following rules when allocating and managing an application's memory:
  • Double check that the buffer is as large as specified.
  • When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
  • Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
  • If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Operation

Strategy: Environment Hardening

  • Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
  • For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-13
Implementation

Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.

No CAPEC attack patterns related to this CWE.