Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    747 vulnerabilities by Palo Alto Networks

    CVE-2026-0278 (GCVE-0-2026-0278)

    Vulnerability from nvd – Published: 2026-07-09 19:12 – Updated: 2026-07-09 19:12
    VLAI
    Title
    Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
    Summary
    Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Date Public
    2026-07-08 16:00
    Credits
    Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "24.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eMultiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe Prisma Access Agent on macOS is not affected.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\n\n\n\nThe Prisma Access Agent on macOS is not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:C/RE:H/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:12:11.045Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0278"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent   on Windows\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e24.0 through 26.2\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\n\n                                    Prisma Access Agent   on Windows\n\n                                    24.0 through 26.2\n                                    Upgrade to 26.2.1 or later.\n                                Prisma Access Agent on macOS\nNo action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0278",
        "datePublished": "2026-07-09T19:12:11.045Z",
        "dateReserved": "2025-11-03T20:44:37.292Z",
        "dateUpdated": "2026-07-09T19:12:11.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0277 (GCVE-0-2026-0277)

    Vulnerability from nvd – Published: 2026-07-09 19:14 – Updated: 2026-07-09 19:14
    VLAI
    Title
    Prisma Access Agent: Improper Certificate Validation on iOS
    Summary
    An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "Windows",
                "macOS",
                "Android",
                "ChromeOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:iOS:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "25.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper certificate validation vulnerability in the Prisma\u00ae Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \u003cbr\u003e\u003cbr\u003eThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."
                }
              ],
              "value": "An improper certificate validation vulnerability in the Prisma\u00ae Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \n\nThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:14:50.806Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0277"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent on iOS\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e25.0 through 26.2\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Linux\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Android\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on ChromeOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\n\n                                    Prisma Access Agent on iOS\n\n                                    25.0 through 26.2\n                                    Upgrade to 26.2.1 or later.\n                                Prisma Access Agent on Linux\nNo action needed.Prisma Access Agent on Windows\nNo action needed.Prisma Access Agent on macOS\nNo action needed.Prisma Access Agent on Android\nNo action needed.Prisma Access Agent on ChromeOS\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "Prisma Access Agent: Improper Certificate Validation on iOS",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0277",
        "datePublished": "2026-07-09T19:14:50.806Z",
        "dateReserved": "2025-11-03T20:44:36.317Z",
        "dateUpdated": "2026-07-09T19:14:50.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0276 (GCVE-0-2026-0276)

    Vulnerability from nvd – Published: 2026-07-09 19:17 – Updated: 2026-07-09 19:17
    VLAI
    Title
    Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
    Summary
    A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.
    CWE
    • CWE-269 - — Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cortex XDR Broker VM Affected: 20.0.96 , < 31.0.58 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XDR Broker VM",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "31.0.58",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "31.0.58",
                  "status": "affected",
                  "version": "20.0.96",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eNo special configuration is required to be affected by this issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_broker_vm:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "31.0.58",
                      "versionStartIncluding": "20.0.96",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privilege escalation vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM enables a locally authenticated user to perform actions as the root user."
                }
              ],
              "value": "A privilege escalation vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM enables a locally authenticated user to perform actions as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 1.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 \u2014 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:17:01.145Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0276"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIf automatic upgrades are enabled for Broker VM, then no action is required at this time.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "This issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.\n\n  *  \n\nIf automatic upgrades are enabled for Broker VM, then no action is required at this time.\n\n\n\n\n  *  \n\nIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0276",
        "datePublished": "2026-07-09T19:17:01.145Z",
        "dateReserved": "2025-11-03T20:44:35.481Z",
        "dateUpdated": "2026-07-09T19:17:01.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0275 (GCVE-0-2026-0275)

    Vulnerability from nvd – Published: 2026-07-09 19:19 – Updated: 2026-07-09 19:19
    VLAI
    Title
    Prisma Browser: Local Privilege Escalation on macOS
    Summary
    A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Prisma Browser Affected: 150.33.2.0 , < 150.33.2.46 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Prisma Browser",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "150.33.2.46",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "150.33.2.46",
                  "status": "affected",
                  "version": "150.33.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:macos:*:*:*:*:*",
                      "versionEndExcluding": "150.33.2.46",
                      "versionStartIncluding": "150.33.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local privilege escalation vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \u003cbr\u003e\u003cbr\u003eThis issue only affects Prisma\u00ae Browser on macOS."
                }
              ],
              "value": "A local privilege escalation vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \n\nThis issue only affects Prisma\u00ae Browser on macOS."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:19:24.198Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0275"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003eUpgrade to 150.33.2.46\u0026nbsp;or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionSuggested SolutionPrisma BrowserUpgrade to 150.33.2.46\u00a0or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Prisma Browser: Local Privilege Escalation on macOS",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0275",
        "datePublished": "2026-07-09T19:19:24.198Z",
        "dateReserved": "2025-11-03T20:44:34.621Z",
        "dateUpdated": "2026-07-09T19:19:24.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0287 (GCVE-0-2026-0287)

    Vulnerability from nvd – Published: 2026-07-09 18:51 – Updated: 2026-07-09 19:26
    VLAI
    Title
    PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
    Summary
    Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Panorama is not impacted by these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Affected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h8 (custom)
    Affected: 11.2.0 , < 11.2.4-h20 (custom)
    Affected: 11.1.0 , < 11.1.4-h35 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:26:14.381516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:26:20.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "AWS",
                "Azure"
              ],
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h20",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h35",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:AWS:*:*",
                      "versionStartIncluding": "all",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:Azure:*:*",
                      "versionStartIncluding": "all",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\u003cbr\u003e\u003cbr\u003ePanorama is not impacted by these vulnerabilities."
                }
              ],
              "value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\n\nPanorama is not impacted by these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the dataplane interface is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:51:42.539Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0287"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access 11.211.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7-h1",
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h7",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h10",
            "PAN-OS 11.2.10-h9",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h17",
            "PAN-OS 11.2.7-h16",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h18",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h8",
            "PAN-OS 11.1.13-h7",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h28",
            "PAN-OS 11.1.10-h27",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h34",
            "PAN-OS 11.1.6-h33",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h34",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h7",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h8",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h22",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h37",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h35",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0287",
        "datePublished": "2026-07-09T18:51:42.539Z",
        "dateReserved": "2025-11-03T20:44:45.634Z",
        "dateUpdated": "2026-07-09T19:26:20.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0286 (GCVE-0-2026-0286)

    Vulnerability from nvd – Published: 2026-07-09 18:56 – Updated: 2026-07-09 19:26
    VLAI
    Title
    PAN-OS: Authenticated Command Injection in CLI
    Summary
    A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Curious of TRAPA Security our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:55.330135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:26:01.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Curious of TRAPA Security"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\u003c/p\u003e\u003cp\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access\u00ae  are not impacted by this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\n\n\nCloud NGFW and Prisma Access\u00ae  are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:56:29.289Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0286"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\n\nNo action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: Authenticated Command Injection in CLI",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e, e.g., enabling management profile on a DP interface for management access.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management\u0026nbsp;interface\u0026nbsp;so the firewall can inspect it.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n\n\n\n\n  *   Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba , e.g., enabling management profile on a DP interface for management access.\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\u00a0\n  *   Decrypt inbound traffic to the management\u00a0interface\u00a0so the firewall can inspect it. https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \n  *  Enable threat prevention on the inbound traffic to management services.\n\n\n\n\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0286",
        "datePublished": "2026-07-09T18:56:29.289Z",
        "dateReserved": "2025-11-03T20:44:44.429Z",
        "dateUpdated": "2026-07-09T19:26:01.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0285 (GCVE-0-2026-0285)

    Vulnerability from nvd – Published: 2026-07-09 18:58 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
    Summary
    A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .  Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:38.612302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:44.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n\n\n\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\n\n\n\n\n\n\nYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eA server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\n\n\n\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server-Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:58:14.563Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0285"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e\u0026nbsp;e.g., enabling management profile on a DP interface for management access\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u0026nbsp;so the firewall can inspect it.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   *    https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431  Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\n\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba   https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba   *    https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba  Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba \u00a0e.g., enabling management profile on a DP interface for management access\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\n  *   Decrypt inbound traffic to the management interface https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \u00a0so the firewall can inspect it.\n  *  Enable threat prevention on the inbound traffic to management services.\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0285",
        "datePublished": "2026-07-09T18:58:14.563Z",
        "dateReserved": "2025-11-03T20:44:43.620Z",
        "dateUpdated": "2026-07-09T19:25:44.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0284 (GCVE-0-2026-0284)

    Vulnerability from nvd – Published: 2026-07-09 18:59 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)
    Summary
    An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h8 (custom)
    Affected: 11.2.0 , < 11.2.4-h20 (custom)
    Affected: 11.1.0 , < 11.1.4-h35 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:21.473868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:27.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h20",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h35",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003cbr\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003ccode\u003eshow config running | match satellite\u003c/code\u003e\u003cbr\u003e\u003cbr\u003eIf output is returned, LSVPN is in use.\u003cbr\u003e\u003cp\u003eYou can also verify in the web interface by navigating to \u003cb\u003eNetwork \u0026gt; GlobalProtect \u0026gt; Portals\u003c/b\u003e, selecting each portal, and checking whether the \u003cb\u003eSatellite\u003c/b\u003e tab contains any \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\nYou can also verify in the web interface by navigating to Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any  configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-250",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-250 XML Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:59:57.586Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0284"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue.\u003cbr\u003e\u003cbr\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u003cbr\u003e\u003cp\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue.\n\nCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u00a09122-10145 and later).\n\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that  vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_faq": [
            {
              "answer": "Limited coverage in Threat Prevention means that while known attack patterns can be identified using the current Threat ID, variations may exist that cannot currently be detected. If this CVE and Required Configuration for Exposure impact your environment, we recommend upgrading to an unaffected version.",
              "question": "Why do Threat Prevention signatures provide limited coverage?"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0284",
        "datePublished": "2026-07-09T18:59:57.586Z",
        "dateReserved": "2025-11-03T20:44:42.748Z",
        "dateUpdated": "2026-07-09T19:25:27.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0283 (GCVE-0-2026-0283)

    Vulnerability from nvd – Published: 2026-07-09 19:01 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
    Summary
    An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Vaibhav Nagar (internal reporter) and our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:57.850143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:07.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003c/p\u003eshow config running | match satellite\u003cp\u003eIf output is returned, LSVPN is in use.\u003c/p\u003e\u003cp\u003eYou can also verify in the web interface by navigating to\u0026nbsp;\u003cb\u003eNetwork\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003eGlobalProtect\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003ePortals\u003c/b\u003e, selecting each portal, and checking whether the Satellite tab contains any\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\n\n\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\n\n\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\n\nYou can also verify in the web interface by navigating to\u00a0Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any\u00a0 configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vaibhav Nagar (internal reporter)  and our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:01:34.210Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0283"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h12 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u00a09122-10145 and later).\u00a0\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that  vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7-h1",
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h7",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h10",
            "PAN-OS 11.2.10-h9",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h17",
            "PAN-OS 11.2.7-h16",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h18",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h8",
            "PAN-OS 11.1.13-h7",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h28",
            "PAN-OS 11.1.10-h27",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h34",
            "PAN-OS 11.1.6-h33",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h34",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h7",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h8",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h22",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h37",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h35",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0283",
        "datePublished": "2026-07-09T19:01:34.210Z",
        "dateReserved": "2025-11-03T20:44:41.929Z",
        "dateUpdated": "2026-07-09T19:25:07.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0282 (GCVE-0-2026-0282)

    Vulnerability from nvd – Published: 2026-07-09 19:02 – Updated: 2026-07-09 19:24
    VLAI
    Title
    PAN-OS: File Deletion Vulnerability in Management Web Interface
    Summary
    A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:34.179840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:24:40.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting management access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:02:26.722Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0282"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version Range\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.0 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version Range\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.0 through 12.1.7-h*\n                                Upgrade to 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.15-h*\n                                Upgrade to 11.1.16 or later.\n                            PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: File Deletion Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:  *   Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0282",
        "datePublished": "2026-07-09T19:02:26.722Z",
        "dateReserved": "2025-11-03T20:44:41.184Z",
        "dateUpdated": "2026-07-09T19:24:40.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0281 (GCVE-0-2026-0281)

    Vulnerability from nvd – Published: 2026-07-09 19:03 – Updated: 2026-07-09 19:24
    VLAI
    Title
    PAN-OS: Information Disclosure Vulnerability in Management Web Interface
    Summary
    An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-524 - Use of Cache Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:10.424243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:24:18.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-141",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-141 Cache Poisoning"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524 Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:03:44.381Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0281"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*Upgrade to 11.1.16 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8 or later.All older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "PAN-OS: Information Disclosure Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0281",
        "datePublished": "2026-07-09T19:03:44.381Z",
        "dateReserved": "2025-11-03T20:44:40.071Z",
        "dateUpdated": "2026-07-09T19:24:18.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0280 (GCVE-0-2026-0280)

    Vulnerability from nvd – Published: 2026-07-09 19:05 – Updated: 2026-07-09 19:23
    VLAI
    Title
    PAN-OS: IPv6 Firewall Policy Bypass
    Summary
    An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Panorama Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Curious of TRAPA Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:23:50.545835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:23:56.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Panorama",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\u003cbr\u003e\u003cbr\u003eYou can verify IPv6 is enabled by checking:\u003cbr\u003e\u2003Network -\u0026gt; Interfaces -\u0026gt; [Interface with Layer3 type] -\u0026gt; IPv6 \u0026gt; Enable IPv6 on the interface"
                }
              ],
              "value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\n\nYou can verify IPv6 is enabled by checking:\n\u2003Network -\u003e Interfaces -\u003e [Interface with Layer3 type] -\u003e IPv6 \u003e Enable IPv6 on the interface"
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Curious of TRAPA Security"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\u003cbr\u003e\u003cbr\u003eCloud NGFW and Panorama are not impacted by this vulnerability."
                }
              ],
              "value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\n\nCloud NGFW and Panorama are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:05:24.367Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0280"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access 11.2\n11.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n\n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: IPv6 Firewall Policy Bypass",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\u003c/p\u003e\u2003set deviceconfig setting session tcp-reject-non-syn yes"
                }
              ],
              "value": "The only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\n\n\u2003set deviceconfig setting session tcp-reject-non-syn yes"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0280",
        "datePublished": "2026-07-09T19:05:24.367Z",
        "dateReserved": "2025-11-03T20:44:39.119Z",
        "dateUpdated": "2026-07-09T19:23:56.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0279 (GCVE-0-2026-0279)

    Vulnerability from nvd – Published: 2026-07-09 19:08 – Updated: 2026-07-09 19:23
    VLAI
    Title
    PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
    Summary
    Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload. The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW is not affected by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 (custom)
    Affected: 10.2.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:23:35.978278Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:23:42.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "affected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\u003cbr\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended\u003c/span\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eCloud NGFW is not affected by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\n\n\nThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW is not affected by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 0.4,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the management interface is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:08:41.656Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0279"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8  or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003e\u0026nbsp;Upgrade to 12.1.8  or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8\u00a0 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*\nUpgrade to 11.1.16\u00a0 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8  or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access 12.112.1.2 through 12.1.7-h*\u00a0Upgrade to 12.1.8  or later.*Prisma Access 11.211.2.0 through 11.2*Upgrade to 12.1.8 or later.*Prisma Access 10.210.2.0 through 10.2*Upgrade to 12.1.8 or later.*\n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T20:30:00.000Z",
              "value": "Updated the Unaffected version for Prisma Access."
            },
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u0026nbsp;Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   *    https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431  Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0279",
        "datePublished": "2026-07-09T19:08:41.656Z",
        "dateReserved": "2025-11-03T20:44:38.280Z",
        "dateUpdated": "2026-07-09T19:23:42.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0288 (GCVE-0-2026-0288)

    Vulnerability from nvd – Published: 2026-07-08 20:14 – Updated: 2026-07-09 18:48
    VLAI
    Title
    PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
    Summary
    Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. . Panorama is not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Liang Zhu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0288",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T03:55:51.922548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:54:42.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "AWS",
                "Azure"
              ],
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eThis issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents\"\u003e\u003cspan\u003eDevice \u0026gt; User Identification \u0026gt; Terminal Server Agents\u003c/span\u003e\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "This issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\n\nTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\n\n Device \u003e User Identification \u003e Terminal Server Agents https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents"
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Liang Zhu"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMultiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003e best practice deployment guidelines\u003c/a\u003e.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003e\u003cspan\u003ePanorama is not impacted by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you configure the User-ID Terminal Server Agent (TSA) IP and port access from the Internet or any untrusted network."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting User-ID Terminal Server Agent (TSA) IP and port access to only trusted internal IP addresses and preventing its exposure to the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the User-ID Terminal Server Agent (TSA) IP and port is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:48:32.880Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
              "url": "https://security.paloaltonetworks.com/"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.6-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.18-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePrisma Access 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFWNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.10-h*\n                                Upgrade to 11.2.10-h12 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \u00a010.2.0 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n                                \n                                10.2.0 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n\n                            \n                                \n                                10.2.0 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\n                                Prisma Access 11.2\n\n                                11.2.0 through 11.2.7\n                                Upgrade to 11.2.7-h18 or later.*\n                            \n                                Prisma Access 10.2\n\n                                10.2.0 through 10.2.10\n                                Upgrade to 10.2.10-h39 or later.*\n\n                            \n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003ebest practice deployment guidelines\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u00a0 best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0288",
        "datePublished": "2026-07-08T20:14:32.405Z",
        "dateReserved": "2025-11-03T20:44:46.432Z",
        "dateUpdated": "2026-07-09T18:48:32.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0275 (GCVE-0-2026-0275)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:19 – Updated: 2026-07-09 19:19
    VLAI
    Title
    Prisma Browser: Local Privilege Escalation on macOS
    Summary
    A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Prisma Browser Affected: 150.33.2.0 , < 150.33.2.46 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Prisma Browser",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "150.33.2.46",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "150.33.2.46",
                  "status": "affected",
                  "version": "150.33.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:macos:*:*:*:*:*",
                      "versionEndExcluding": "150.33.2.46",
                      "versionStartIncluding": "150.33.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting this issue."
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local privilege escalation vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \u003cbr\u003e\u003cbr\u003eThis issue only affects Prisma\u00ae Browser on macOS."
                }
              ],
              "value": "A local privilege escalation vulnerability in Palo Alto Networks Prisma\u00ae Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \n\nThis issue only affects Prisma\u00ae Browser on macOS."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:19:24.198Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0275"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePrisma Browser\u003c/td\u003e\u003ctd\u003eUpgrade to 150.33.2.46\u0026nbsp;or later.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionSuggested SolutionPrisma BrowserUpgrade to 150.33.2.46\u00a0or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Prisma Browser: Local Privilege Escalation on macOS",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0275",
        "datePublished": "2026-07-09T19:19:24.198Z",
        "dateReserved": "2025-11-03T20:44:34.621Z",
        "dateUpdated": "2026-07-09T19:19:24.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0276 (GCVE-0-2026-0276)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:17 – Updated: 2026-07-09 19:17
    VLAI
    Title
    Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
    Summary
    A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.
    CWE
    • CWE-269 - — Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cortex XDR Broker VM Affected: 20.0.96 , < 31.0.58 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XDR Broker VM",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "31.0.58",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "31.0.58",
                  "status": "affected",
                  "version": "20.0.96",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eNo special configuration is required to be affected by this issue.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xdr_broker_vm:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "31.0.58",
                      "versionStartIncluding": "20.0.96",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Palo Alto Networks thanks Martin Rougeron for discovering and reporting this issue"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privilege escalation vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM enables a locally authenticated user to perform actions as the root user."
                }
              ],
              "value": "A privilege escalation vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM enables a locally authenticated user to perform actions as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 1.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 \u2014 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:17:01.145Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0276"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIf automatic upgrades are enabled for Broker VM, then no action is required at this time.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "This issue is fixed in Cortex XDR Broker VM 31.0.58, and all later Cortex XDR Broker VM versions.\n\n  *  \n\nIf automatic upgrades are enabled for Broker VM, then no action is required at this time.\n\n\n\n\n  *  \n\nIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0276",
        "datePublished": "2026-07-09T19:17:01.145Z",
        "dateReserved": "2025-11-03T20:44:35.481Z",
        "dateUpdated": "2026-07-09T19:17:01.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0277 (GCVE-0-2026-0277)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:14 – Updated: 2026-07-09 19:14
    VLAI
    Title
    Prisma Access Agent: Improper Certificate Validation on iOS
    Summary
    An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "Windows",
                "macOS",
                "Android",
                "ChromeOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:*:*:*:iOS:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "25.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper certificate validation vulnerability in the Prisma\u00ae Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \u003cbr\u003e\u003cbr\u003eThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."
                }
              ],
              "value": "An improper certificate validation vulnerability in the Prisma\u00ae Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \n\nThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:14:50.806Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0277"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent on iOS\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e25.0 through 26.2\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Linux\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Windows\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on Android\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on ChromeOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\n\n                                    Prisma Access Agent on iOS\n\n                                    25.0 through 26.2\n                                    Upgrade to 26.2.1 or later.\n                                Prisma Access Agent on Linux\nNo action needed.Prisma Access Agent on Windows\nNo action needed.Prisma Access Agent on macOS\nNo action needed.Prisma Access Agent on Android\nNo action needed.Prisma Access Agent on ChromeOS\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "Prisma Access Agent: Improper Certificate Validation on iOS",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0277",
        "datePublished": "2026-07-09T19:14:50.806Z",
        "dateReserved": "2025-11-03T20:44:36.317Z",
        "dateUpdated": "2026-07-09T19:14:50.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0278 (GCVE-0-2026-0278)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:12 – Updated: 2026-07-09 19:12
    VLAI
    Title
    Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
    Summary
    Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Date Public
    2026-07-08 16:00
    Credits
    Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "26.2.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "26.2.1",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Prisma Access Agent",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "26.2.1",
                      "versionStartIncluding": "24.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access_agent:all:*:macos:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Cuthbert and Vladislav Ovitchinikov from Banco Santander"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eMultiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe Prisma Access Agent on macOS is not affected.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\n\n\n\nThe Prisma Access Agent on macOS is not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:C/RE:H/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:12:11.045Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0278"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                    \u003ctd\u003ePrisma Access Agent   on Windows\u003cbr\u003e\u003c/td\u003e\n                                    \u003ctd\u003e24.0 through 26.2\u003c/td\u003e\n                                    \u003ctd\u003eUpgrade to 26.2.1 or later.\u003c/td\u003e\n                                \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access Agent on macOS\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\n\n                                    Prisma Access Agent   on Windows\n\n                                    24.0 through 26.2\n                                    Upgrade to 26.2.1 or later.\n                                Prisma Access Agent on macOS\nNo action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0278",
        "datePublished": "2026-07-09T19:12:11.045Z",
        "dateReserved": "2025-11-03T20:44:37.292Z",
        "dateUpdated": "2026-07-09T19:12:11.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0279 (GCVE-0-2026-0279)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:08 – Updated: 2026-07-09 19:23
    VLAI
    Title
    PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
    Summary
    Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload. The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW is not affected by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 (custom)
    Affected: 10.2.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:23:35.978278Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:23:42.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "affected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\u003cbr\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended\u003c/span\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eCloud NGFW is not affected by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\n\n\nThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW is not affected by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 0.4,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the management interface is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:08:41.656Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0279"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8  or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003e\u0026nbsp;Upgrade to 12.1.8  or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8\u00a0 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*\nUpgrade to 11.1.16\u00a0 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8  or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access 12.112.1.2 through 12.1.7-h*\u00a0Upgrade to 12.1.8  or later.*Prisma Access 11.211.2.0 through 11.2*Upgrade to 12.1.8 or later.*Prisma Access 10.210.2.0 through 10.2*Upgrade to 12.1.8 or later.*\n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T20:30:00.000Z",
              "value": "Updated the Unaffected version for Prisma Access."
            },
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u0026nbsp;Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   *    https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431  Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0279",
        "datePublished": "2026-07-09T19:08:41.656Z",
        "dateReserved": "2025-11-03T20:44:38.280Z",
        "dateUpdated": "2026-07-09T19:23:42.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0280 (GCVE-0-2026-0280)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:05 – Updated: 2026-07-09 19:23
    VLAI
    Title
    PAN-OS: IPv6 Firewall Policy Bypass
    Summary
    An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Panorama Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Curious of TRAPA Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:23:50.545835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:23:56.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Panorama",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\u003cbr\u003e\u003cbr\u003eYou can verify IPv6 is enabled by checking:\u003cbr\u003e\u2003Network -\u0026gt; Interfaces -\u0026gt; [Interface with Layer3 type] -\u0026gt; IPv6 \u0026gt; Enable IPv6 on the interface"
                }
              ],
              "value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\n\nYou can verify IPv6 is enabled by checking:\n\u2003Network -\u003e Interfaces -\u003e [Interface with Layer3 type] -\u003e IPv6 \u003e Enable IPv6 on the interface"
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Curious of TRAPA Security"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\u003cbr\u003e\u003cbr\u003eCloud NGFW and Panorama are not impacted by this vulnerability."
                }
              ],
              "value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\n\nCloud NGFW and Panorama are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:05:24.367Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0280"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access 11.2\n11.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n\n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: IPv6 Firewall Policy Bypass",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\u003c/p\u003e\u2003set deviceconfig setting session tcp-reject-non-syn yes"
                }
              ],
              "value": "The only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\n\n\u2003set deviceconfig setting session tcp-reject-non-syn yes"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0280",
        "datePublished": "2026-07-09T19:05:24.367Z",
        "dateReserved": "2025-11-03T20:44:39.119Z",
        "dateUpdated": "2026-07-09T19:23:56.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0281 (GCVE-0-2026-0281)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:03 – Updated: 2026-07-09 19:24
    VLAI
    Title
    PAN-OS: Information Disclosure Vulnerability in Management Web Interface
    Summary
    An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-524 - Use of Cache Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:10.424243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:24:18.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-141",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-141 Cache Poisoning"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524 Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:03:44.381Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0281"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*Upgrade to 11.1.16 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8 or later.All older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication."
            }
          ],
          "title": "PAN-OS: Information Disclosure Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0281",
        "datePublished": "2026-07-09T19:03:44.381Z",
        "dateReserved": "2025-11-03T20:44:40.071Z",
        "dateUpdated": "2026-07-09T19:24:18.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0282 (GCVE-0-2026-0282)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:02 – Updated: 2026-07-09 19:24
    VLAI
    Title
    PAN-OS: File Deletion Vulnerability in Management Web Interface
    Summary
    A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:34.179840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:24:40.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "10.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 1.2,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting management access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:02:26.722Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0282"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version Range\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.0 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version Range\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.0 through 12.1.7-h*\n                                Upgrade to 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.15-h*\n                                Upgrade to 11.1.16 or later.\n                            PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: File Deletion Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:  *   Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0282",
        "datePublished": "2026-07-09T19:02:26.722Z",
        "dateReserved": "2025-11-03T20:44:41.184Z",
        "dateUpdated": "2026-07-09T19:24:40.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0283 (GCVE-0-2026-0283)

    Vulnerability from cvelistv5 – Published: 2026-07-09 19:01 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
    Summary
    An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Vaibhav Nagar (internal reporter) and our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:24:57.850143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:07.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003c/p\u003eshow config running | match satellite\u003cp\u003eIf output is returned, LSVPN is in use.\u003c/p\u003e\u003cp\u003eYou can also verify in the web interface by navigating to\u0026nbsp;\u003cb\u003eNetwork\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003eGlobalProtect\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003ePortals\u003c/b\u003e, selecting each portal, and checking whether the Satellite tab contains any\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\n\n\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\n\n\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\n\nYou can also verify in the web interface by navigating to\u00a0Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any\u00a0 configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vaibhav Nagar (internal reporter)  and our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T19:01:34.210Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0283"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h12 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u00a09122-10145 and later).\u00a0\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that  vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7-h1",
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h7",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h10",
            "PAN-OS 11.2.10-h9",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h17",
            "PAN-OS 11.2.7-h16",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h18",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h8",
            "PAN-OS 11.1.13-h7",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h28",
            "PAN-OS 11.1.10-h27",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h34",
            "PAN-OS 11.1.6-h33",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h34",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h7",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h8",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h22",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h37",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h35",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0283",
        "datePublished": "2026-07-09T19:01:34.210Z",
        "dateReserved": "2025-11-03T20:44:41.929Z",
        "dateUpdated": "2026-07-09T19:25:07.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0284 (GCVE-0-2026-0284)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:59 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)
    Summary
    An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h8 (custom)
    Affected: 11.2.0 , < 11.2.4-h20 (custom)
    Affected: 11.1.0 , < 11.1.4-h35 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:21.473868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:27.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h20",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h35",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003cbr\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003ccode\u003eshow config running | match satellite\u003c/code\u003e\u003cbr\u003e\u003cbr\u003eIf output is returned, LSVPN is in use.\u003cbr\u003e\u003cp\u003eYou can also verify in the web interface by navigating to \u003cb\u003eNetwork \u0026gt; GlobalProtect \u0026gt; Portals\u003c/b\u003e, selecting each portal, and checking whether the \u003cb\u003eSatellite\u003c/b\u003e tab contains any \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\nYou can also verify in the web interface by navigating to Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any  configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
                }
              ],
              "value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-250",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-250 XML Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:59:57.586Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0284"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue.\u003cbr\u003e\u003cbr\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u003cbr\u003e\u003cp\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
                }
              ],
              "value": "No known workarounds exist for this issue.\n\nCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u00a09122-10145 and later).\n\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that  vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_faq": [
            {
              "answer": "Limited coverage in Threat Prevention means that while known attack patterns can be identified using the current Threat ID, variations may exist that cannot currently be detected. If this CVE and Required Configuration for Exposure impact your environment, we recommend upgrading to an unaffected version.",
              "question": "Why do Threat Prevention signatures provide limited coverage?"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0284",
        "datePublished": "2026-07-09T18:59:57.586Z",
        "dateReserved": "2025-11-03T20:44:42.748Z",
        "dateUpdated": "2026-07-09T19:25:27.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0285 (GCVE-0-2026-0285)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:58 – Updated: 2026-07-09 19:25
    VLAI
    Title
    PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
    Summary
    A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .  Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0285",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:38.612302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:25:44.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n\n\n\n\n  *  Directly; or\n  *  Through a dataplane interface that includes a management interface profile.\n\n\n\n\n\n\nYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eA server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\n\n\n\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server-Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:58:14.563Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0285"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\nNo action needed."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e\u0026nbsp;e.g., enabling management profile on a DP interface for management access\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u0026nbsp;so the firewall can inspect it.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n  https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431   *    https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431  Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n  *   Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\n\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n  https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba   https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba   *    https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba  Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba \u00a0e.g., enabling management profile on a DP interface for management access\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\n  *   Decrypt inbound traffic to the management interface https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \u00a0so the firewall can inspect it.\n  *  Enable threat prevention on the inbound traffic to management services.\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0285",
        "datePublished": "2026-07-09T18:58:14.563Z",
        "dateReserved": "2025-11-03T20:44:43.620Z",
        "dateUpdated": "2026-07-09T19:25:44.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0286 (GCVE-0-2026-0286)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:56 – Updated: 2026-07-09 19:26
    VLAI
    Title
    PAN-OS: Authenticated Command Injection in CLI
    Summary
    A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.18-h8 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Unaffected: All (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Curious of TRAPA Security our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:25:55.330135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:26:01.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h11",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.18-h8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h11",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Curious of TRAPA Security"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\u003c/p\u003e\u003cp\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access\u00ae  are not impacted by this vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\n\n\nCloud NGFW and Prisma Access\u00ae  are not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:56:29.289Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0286"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.11 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.8 through 11.2.10-h*\n                                Upgrade to 11.2.10-h11 or 11.2.13 or later.\n                            \n                                \n                                11.2.5 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.14 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.11 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.8 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.7 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.5 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.17 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \n                                \n                                10.2.14 through 10.2.16-h*\n                                Upgrade to 10.2.16-h9 or later.\n                            \n                                \n                                10.2.11 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n                            \n                                \n                                10.2.8 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\n\nNo action needed."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial Publication"
            }
          ],
          "title": "PAN-OS: Authenticated Command Injection in CLI",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e, e.g., enabling management profile on a DP interface for management access.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management\u0026nbsp;interface\u0026nbsp;so the firewall can inspect it.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n\n\n\n\n  *   Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba , e.g., enabling management profile on a DP interface for management access.\n  *   Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\u00a0\n  *   Decrypt inbound traffic to the management\u00a0interface\u00a0so the firewall can inspect it. https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \n  *  Enable threat prevention on the inbound traffic to management services.\n\n\n\n\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0286",
        "datePublished": "2026-07-09T18:56:29.289Z",
        "dateReserved": "2025-11-03T20:44:44.429Z",
        "dateUpdated": "2026-07-09T19:26:01.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0287 (GCVE-0-2026-0287)

    Vulnerability from cvelistv5 – Published: 2026-07-09 18:51 – Updated: 2026-07-09 19:26
    VLAI
    Title
    PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
    Summary
    Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Panorama is not impacted by these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Affected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.4-h8 (custom)
    Affected: 11.2.0 , < 11.2.4-h20 (custom)
    Affected: 11.1.0 , < 11.1.4-h35 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    our internal security research teams
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:26:14.381516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:26:20.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "AWS",
                "Azure"
              ],
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.4-h8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.4-h20",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.4-h35",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:AWS:*:*",
                      "versionStartIncluding": "all",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:Azure:*:*",
                      "versionStartIncluding": "all",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\u003cbr\u003e\u003cbr\u003ePanorama is not impacted by these vulnerabilities."
                }
              ],
              "value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\n\nPanorama is not impacted by these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the dataplane interface is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:51:42.539Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0287"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
                }
              ],
              "value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access 11.211.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7-h1",
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h7",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h10",
            "PAN-OS 11.2.10-h9",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h17",
            "PAN-OS 11.2.7-h16",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h18",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h8",
            "PAN-OS 11.1.13-h7",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h28",
            "PAN-OS 11.1.10-h27",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h34",
            "PAN-OS 11.1.6-h33",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h34",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h7",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h8",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h22",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h37",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h35",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0287",
        "datePublished": "2026-07-09T18:51:42.539Z",
        "dateReserved": "2025-11-03T20:44:45.634Z",
        "dateUpdated": "2026-07-09T19:26:20.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0288 (GCVE-0-2026-0288)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:14 – Updated: 2026-07-09 18:48
    VLAI
    Title
    PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
    Summary
    Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. . Panorama is not impacted by this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks Cloud NGFW Unaffected: All (custom)
    Create a notification for this product.
    Palo Alto Networks PAN-OS Affected: 12.1.0 , < 12.1.8 (custom)
    Affected: 11.2.0 , < 11.2.13 (custom)
    Affected: 11.1.0 , < 11.1.16 (custom)
    Affected: 10.2.0 , < 10.2.7-h36 (custom)
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Palo Alto Networks Prisma Access Affected: 11.2.0 , < 11.2.7-h18 (custom)
    Affected: 10.2.0 , < 10.2.10-h39 (custom)
    Create a notification for this product.
    Date Public
    2026-07-08 16:00
    Credits
    Liang Zhu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0288",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T03:55:51.922548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:54:42.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "AWS",
                "Azure"
              ],
              "product": "Cloud NGFW",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "PAN-OS",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "12.1.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.7-h2",
                      "status": "unaffected"
                    },
                    {
                      "at": "12.1.4-h8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12.1.8",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.2.13",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.10-h12",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.2.4-h20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.13",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "11.1.16",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.13-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.10-h30",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.7-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.6-h35",
                      "status": "unaffected"
                    },
                    {
                      "at": "11.1.4-h35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.1.16",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.18-h8",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.16-h9",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.13-h23",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    },
                    {
                      "at": "10.2.7-h36",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.7-h36",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Prisma Access",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.2.7-h18",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.2.7-h18",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "10.2.10-h39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "10.2.10-h39",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003eThis issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents\"\u003e\u003cspan\u003eDevice \u0026gt; User Identification \u0026gt; Terminal Server Agents\u003c/span\u003e\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "This issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\n\nTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\n\n Device \u003e User Identification \u003e Terminal Server Agents https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents"
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.8",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.7-h2",
                      "versionStartIncluding": "12.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.4-h8",
                      "versionStartIncluding": "12.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.13",
                      "versionStartIncluding": "11.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.10-h12",
                      "versionStartIncluding": "11.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.4-h20",
                      "versionStartIncluding": "11.2.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.16",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.13-h9",
                      "versionStartIncluding": "11.1.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.10-h30",
                      "versionStartIncluding": "11.1.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.7-h8",
                      "versionStartIncluding": "11.1.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.6-h35",
                      "versionStartIncluding": "11.1.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.1.4-h35",
                      "versionStartIncluding": "11.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.18-h8",
                      "versionStartIncluding": "10.2.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.16-h9",
                      "versionStartIncluding": "10.2.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.13-h23",
                      "versionStartIncluding": "10.2.13",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.7-h36",
                      "versionStartIncluding": "10.2.7",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.2.7-h18",
                      "versionStartIncluding": "11.2.7",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.2.10-h39",
                      "versionStartIncluding": "10.2.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Liang Zhu"
            }
          ],
          "datePublic": "2026-07-08T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMultiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003e best practice deployment guidelines\u003c/a\u003e.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003e\u003cspan\u003ePanorama is not impacted by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk is highest when you configure the User-ID Terminal Server Agent (TSA) IP and port access from the Internet or any untrusted network."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "You can reduce the risk of exploitation by restricting User-ID Terminal Server Agent (TSA) IP and port access to only trusted internal IP addresses and preventing its exposure to the internet."
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the User-ID Terminal Server Agent (TSA) IP and port is restricted."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T18:48:32.880Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
              "url": "https://security.paloaltonetworks.com/"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.15\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.6-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.18-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.13-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003ePrisma Access 10.2\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
                }
              ],
              "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFWNo action needed.\n                                PAN-OS 12.1\n\n                                12.1.5 through 12.1.7-h*\n                                Upgrade to 12.1.7-h2 or 12.1.8 or later.\n                            \n                                \n                                12.1.2 through 12.1.4-h*\n                                Upgrade to 12.1.4-h8 or 12.1.8 or later.\n                            \n                                PAN-OS 11.2\n\n                                11.2.0 through 11.2.12\n                                Upgrade to 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.10-h*\n                                Upgrade to 11.2.10-h12 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.7-h*\n                                Upgrade to 11.2.7-h18 or 11.2.13 or later.\n                            \n                                \n                                11.2.0 through 11.2.4-h*\n                                Upgrade to 11.2.4-h20 or 11.2.13 or later.\n                            \n                                PAN-OS 11.1\n\n                                11.1.0 through 11.1.15\n                                Upgrade to 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.13-h*\n                                Upgrade to 11.1.13-h9 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.10-h*\n                                Upgrade to 11.1.10-h30 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.7-h*\n                                Upgrade to 11.1.7-h8 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.6-h*\n                                Upgrade to 11.1.6-h35 or 11.1.16 or later.\n                            \n                                \n                                11.1.0 through 11.1.4-h*\n                                Upgrade to 11.1.4-h35 or 11.1.16 or later.\n                            \n                                PAN-OS 10.2\n\n                                10.2.0 through 10.2.18-h*\n                                Upgrade to 10.2.18-h8 or later.\n                            \u00a010.2.0 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n                                \n                                10.2.0 through 10.2.13-h*\n                                Upgrade to 10.2.13-h23 or later.\n\n                            \n                                \n                                10.2.0 through 10.2.10-h*\n                                Upgrade to 10.2.10-h39 or later.\n\n                            \n                                \n                                10.2.0 through 10.2.7-h*\n                                Upgrade to 10.2.7-h36 or later.\n\n                            All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\n                                Prisma Access 11.2\n\n                                11.2.0 through 11.2.7\n                                Upgrade to 11.2.7-h18 or later.*\n                            \n                                Prisma Access 10.2\n\n                                10.2.0 through 10.2.10\n                                Upgrade to 10.2.10-h39 or later.*\n\n                            \n* See the note under Product Status for information regarding Prisma Access upgrades."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-08T16:00:00.000Z",
              "value": "Initial publication"
            }
          ],
          "title": "PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003ebest practice deployment guidelines\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u00a0 best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only."
            }
          ],
          "x_affectedList": [
            "PAN-OS 12.1.7",
            "PAN-OS 12.1.6",
            "PAN-OS 12.1.5",
            "PAN-OS 12.1.4-h6",
            "PAN-OS 12.1.4-h5",
            "PAN-OS 12.1.4-h3",
            "PAN-OS 12.1.4-h2",
            "PAN-OS 12.1.4",
            "PAN-OS 12.1.3-h3",
            "PAN-OS 12.1.3-h1",
            "PAN-OS 12.1.3",
            "PAN-OS 12.1.2",
            "PAN-OS 11.2.12",
            "PAN-OS 11.2.11",
            "PAN-OS 11.2.10-h8",
            "PAN-OS 11.2.10-h7",
            "PAN-OS 11.2.10-h6",
            "PAN-OS 11.2.10-h5",
            "PAN-OS 11.2.10-h4",
            "PAN-OS 11.2.10-h3",
            "PAN-OS 11.2.10-h2",
            "PAN-OS 11.2.10-h1",
            "PAN-OS 11.2.10",
            "PAN-OS 11.2.9",
            "PAN-OS 11.2.8",
            "PAN-OS 11.2.7-h15",
            "PAN-OS 11.2.7-h14",
            "PAN-OS 11.2.7-h13",
            "PAN-OS 11.2.7-h12",
            "PAN-OS 11.2.7-h11",
            "PAN-OS 11.2.7-h10",
            "PAN-OS 11.2.7-h8",
            "PAN-OS 11.2.7-h7",
            "PAN-OS 11.2.7-h4",
            "PAN-OS 11.2.7-h3",
            "PAN-OS 11.2.7-h2",
            "PAN-OS 11.2.7-h1",
            "PAN-OS 11.2.7",
            "PAN-OS 11.2.6",
            "PAN-OS 11.2.5",
            "PAN-OS 11.2.4-h17",
            "PAN-OS 11.2.4-h15",
            "PAN-OS 11.2.4-h14",
            "PAN-OS 11.2.4-h12",
            "PAN-OS 11.2.4-h11",
            "PAN-OS 11.2.4-h10",
            "PAN-OS 11.2.4-h9",
            "PAN-OS 11.2.4-h8",
            "PAN-OS 11.2.4-h7",
            "PAN-OS 11.2.4-h6",
            "PAN-OS 11.2.4-h5",
            "PAN-OS 11.2.4-h4",
            "PAN-OS 11.2.4-h3",
            "PAN-OS 11.2.4-h2",
            "PAN-OS 11.2.4-h1",
            "PAN-OS 11.2.4",
            "PAN-OS 11.2.3-h5",
            "PAN-OS 11.2.3-h4",
            "PAN-OS 11.2.3-h3",
            "PAN-OS 11.2.3-h2",
            "PAN-OS 11.2.3-h1",
            "PAN-OS 11.2.3",
            "PAN-OS 11.2.2-h2",
            "PAN-OS 11.2.2-h1",
            "PAN-OS 11.2.1-h1",
            "PAN-OS 11.2.1",
            "PAN-OS 11.2.0-h1",
            "PAN-OS 11.2.0",
            "PAN-OS 11.1.15",
            "PAN-OS 11.1.14",
            "PAN-OS 11.1.13-h6",
            "PAN-OS 11.1.13-h5",
            "PAN-OS 11.1.13-h3",
            "PAN-OS 11.1.13-h2",
            "PAN-OS 11.1.13-h1",
            "PAN-OS 11.1.13",
            "PAN-OS 11.1.12",
            "PAN-OS 11.1.11",
            "PAN-OS 11.1.10-h26",
            "PAN-OS 11.1.10-h25",
            "PAN-OS 11.1.10-h21",
            "PAN-OS 11.1.10-h12",
            "PAN-OS 11.1.10-h10",
            "PAN-OS 11.1.10-h9",
            "PAN-OS 11.1.10-h7",
            "PAN-OS 11.1.10-h5",
            "PAN-OS 11.1.10-h4",
            "PAN-OS 11.1.10-h1",
            "PAN-OS 11.1.10",
            "PAN-OS 11.1.9",
            "PAN-OS 11.1.8",
            "PAN-OS 11.1.6-h32",
            "PAN-OS 11.1.6-h29",
            "PAN-OS 11.1.6-h25",
            "PAN-OS 11.1.6-h23",
            "PAN-OS 11.1.6-h22",
            "PAN-OS 11.1.6-h21",
            "PAN-OS 11.1.6-h20",
            "PAN-OS 11.1.6-h19",
            "PAN-OS 11.1.6-h18",
            "PAN-OS 11.1.6-h17",
            "PAN-OS 11.1.6-h14",
            "PAN-OS 11.1.6-h10",
            "PAN-OS 11.1.6-h7",
            "PAN-OS 11.1.6-h6",
            "PAN-OS 11.1.6-h4",
            "PAN-OS 11.1.6-h3",
            "PAN-OS 11.1.6-h2",
            "PAN-OS 11.1.6-h1",
            "PAN-OS 11.1.6",
            "PAN-OS 11.1.5-h1",
            "PAN-OS 11.1.5",
            "PAN-OS 11.1.4-h33",
            "PAN-OS 11.1.4-h32",
            "PAN-OS 11.1.4-h27",
            "PAN-OS 11.1.4-h25",
            "PAN-OS 11.1.4-h18",
            "PAN-OS 11.1.4-h17",
            "PAN-OS 11.1.4-h15",
            "PAN-OS 11.1.4-h13",
            "PAN-OS 11.1.4-h12",
            "PAN-OS 11.1.4-h11",
            "PAN-OS 11.1.4-h10",
            "PAN-OS 11.1.4-h9",
            "PAN-OS 11.1.4-h8",
            "PAN-OS 11.1.4-h7",
            "PAN-OS 11.1.4-h6",
            "PAN-OS 11.1.4-h5",
            "PAN-OS 11.1.4-h4",
            "PAN-OS 11.1.4-h3",
            "PAN-OS 11.1.4-h2",
            "PAN-OS 11.1.4-h1",
            "PAN-OS 11.1.4",
            "PAN-OS 11.1.3-h13",
            "PAN-OS 11.1.3-h12",
            "PAN-OS 11.1.3-h11",
            "PAN-OS 11.1.3-h10",
            "PAN-OS 11.1.3-h9",
            "PAN-OS 11.1.3-h8",
            "PAN-OS 11.1.3-h7",
            "PAN-OS 11.1.3-h6",
            "PAN-OS 11.1.3-h5",
            "PAN-OS 11.1.3-h4",
            "PAN-OS 11.1.3-h3",
            "PAN-OS 11.1.3-h2",
            "PAN-OS 11.1.3-h1",
            "PAN-OS 11.1.3",
            "PAN-OS 11.1.2-h18",
            "PAN-OS 11.1.2-h17",
            "PAN-OS 11.1.2-h16",
            "PAN-OS 11.1.2-h15",
            "PAN-OS 11.1.2-h14",
            "PAN-OS 11.1.2-h13",
            "PAN-OS 11.1.2-h12",
            "PAN-OS 11.1.2-h11",
            "PAN-OS 11.1.2-h10",
            "PAN-OS 11.1.2-h9",
            "PAN-OS 11.1.2-h8",
            "PAN-OS 11.1.2-h7",
            "PAN-OS 11.1.2-h6",
            "PAN-OS 11.1.2-h5",
            "PAN-OS 11.1.2-h4",
            "PAN-OS 11.1.2-h3",
            "PAN-OS 11.1.2-h2",
            "PAN-OS 11.1.2-h1",
            "PAN-OS 11.1.2",
            "PAN-OS 11.1.1-h2",
            "PAN-OS 11.1.1-h1",
            "PAN-OS 11.1.1",
            "PAN-OS 11.1.0-h4",
            "PAN-OS 11.1.0-h3",
            "PAN-OS 11.1.0-h2",
            "PAN-OS 11.1.0-h1",
            "PAN-OS 11.1.0",
            "PAN-OS 10.2.18-h6",
            "PAN-OS 10.2.18-h5",
            "PAN-OS 10.2.18-h1",
            "PAN-OS 10.2.18",
            "PAN-OS 10.2.17",
            "PAN-OS 10.2.16-h7",
            "PAN-OS 10.2.16-h6",
            "PAN-OS 10.2.16-h4",
            "PAN-OS 10.2.16-h1",
            "PAN-OS 10.2.16",
            "PAN-OS 10.2.15",
            "PAN-OS 10.2.14-h1",
            "PAN-OS 10.2.14",
            "PAN-OS 10.2.13-h21",
            "PAN-OS 10.2.13-h18",
            "PAN-OS 10.2.13-h16",
            "PAN-OS 10.2.13-h15",
            "PAN-OS 10.2.13-h10",
            "PAN-OS 10.2.13-h7",
            "PAN-OS 10.2.13-h5",
            "PAN-OS 10.2.13-h4",
            "PAN-OS 10.2.13-h3",
            "PAN-OS 10.2.13-h2",
            "PAN-OS 10.2.13-h1",
            "PAN-OS 10.2.13",
            "PAN-OS 10.2.12-h6",
            "PAN-OS 10.2.12-h5",
            "PAN-OS 10.2.12-h4",
            "PAN-OS 10.2.12-h3",
            "PAN-OS 10.2.12-h2",
            "PAN-OS 10.2.12-h1",
            "PAN-OS 10.2.12",
            "PAN-OS 10.2.11-h13",
            "PAN-OS 10.2.11-h12",
            "PAN-OS 10.2.11-h11",
            "PAN-OS 10.2.11-h10",
            "PAN-OS 10.2.11-h9",
            "PAN-OS 10.2.11-h8",
            "PAN-OS 10.2.11-h7",
            "PAN-OS 10.2.11-h6",
            "PAN-OS 10.2.11-h5",
            "PAN-OS 10.2.11-h4",
            "PAN-OS 10.2.11-h3",
            "PAN-OS 10.2.11-h2",
            "PAN-OS 10.2.11-h1",
            "PAN-OS 10.2.11",
            "PAN-OS 10.2.10-h36",
            "PAN-OS 10.2.10-h31",
            "PAN-OS 10.2.10-h30",
            "PAN-OS 10.2.10-h27",
            "PAN-OS 10.2.10-h26",
            "PAN-OS 10.2.10-h23",
            "PAN-OS 10.2.10-h21",
            "PAN-OS 10.2.10-h18",
            "PAN-OS 10.2.10-h17",
            "PAN-OS 10.2.10-h14",
            "PAN-OS 10.2.10-h13",
            "PAN-OS 10.2.10-h12",
            "PAN-OS 10.2.10-h11",
            "PAN-OS 10.2.10-h10",
            "PAN-OS 10.2.10-h9",
            "PAN-OS 10.2.10-h8",
            "PAN-OS 10.2.10-h7",
            "PAN-OS 10.2.10-h6",
            "PAN-OS 10.2.10-h5",
            "PAN-OS 10.2.10-h4",
            "PAN-OS 10.2.10-h3",
            "PAN-OS 10.2.10-h2",
            "PAN-OS 10.2.10-h1",
            "PAN-OS 10.2.10",
            "PAN-OS 10.2.9-h21",
            "PAN-OS 10.2.9-h20",
            "PAN-OS 10.2.9-h19",
            "PAN-OS 10.2.9-h18",
            "PAN-OS 10.2.9-h17",
            "PAN-OS 10.2.9-h16",
            "PAN-OS 10.2.9-h15",
            "PAN-OS 10.2.9-h14",
            "PAN-OS 10.2.9-h13",
            "PAN-OS 10.2.9-h12",
            "PAN-OS 10.2.9-h11",
            "PAN-OS 10.2.9-h10",
            "PAN-OS 10.2.9-h9",
            "PAN-OS 10.2.9-h8",
            "PAN-OS 10.2.9-h7",
            "PAN-OS 10.2.9-h6",
            "PAN-OS 10.2.9-h5",
            "PAN-OS 10.2.9-h4",
            "PAN-OS 10.2.9-h3",
            "PAN-OS 10.2.9-h2",
            "PAN-OS 10.2.9-h1",
            "PAN-OS 10.2.9",
            "PAN-OS 10.2.8-h21",
            "PAN-OS 10.2.8-h20",
            "PAN-OS 10.2.8-h19",
            "PAN-OS 10.2.8-h18",
            "PAN-OS 10.2.8-h17",
            "PAN-OS 10.2.8-h16",
            "PAN-OS 10.2.8-h15",
            "PAN-OS 10.2.8-h14",
            "PAN-OS 10.2.8-h13",
            "PAN-OS 10.2.8-h12",
            "PAN-OS 10.2.8-h11",
            "PAN-OS 10.2.8-h10",
            "PAN-OS 10.2.8-h9",
            "PAN-OS 10.2.8-h8",
            "PAN-OS 10.2.8-h7",
            "PAN-OS 10.2.8-h6",
            "PAN-OS 10.2.8-h5",
            "PAN-OS 10.2.8-h4",
            "PAN-OS 10.2.8-h3",
            "PAN-OS 10.2.8-h2",
            "PAN-OS 10.2.8-h1",
            "PAN-OS 10.2.8",
            "PAN-OS 10.2.7-h34",
            "PAN-OS 10.2.7-h32",
            "PAN-OS 10.2.7-h24",
            "PAN-OS 10.2.7-h23",
            "PAN-OS 10.2.7-h22",
            "PAN-OS 10.2.7-h21",
            "PAN-OS 10.2.7-h20",
            "PAN-OS 10.2.7-h19",
            "PAN-OS 10.2.7-h18",
            "PAN-OS 10.2.7-h17",
            "PAN-OS 10.2.7-h16",
            "PAN-OS 10.2.7-h15",
            "PAN-OS 10.2.7-h14",
            "PAN-OS 10.2.7-h13",
            "PAN-OS 10.2.7-h12",
            "PAN-OS 10.2.7-h11",
            "PAN-OS 10.2.7-h10",
            "PAN-OS 10.2.7-h9",
            "PAN-OS 10.2.7-h8",
            "PAN-OS 10.2.7-h7",
            "PAN-OS 10.2.7-h6",
            "PAN-OS 10.2.7-h5",
            "PAN-OS 10.2.7-h4",
            "PAN-OS 10.2.7-h3",
            "PAN-OS 10.2.7-h2",
            "PAN-OS 10.2.7-h1",
            "PAN-OS 10.2.7",
            "PAN-OS 10.2.6-h6",
            "PAN-OS 10.2.6-h5",
            "PAN-OS 10.2.6-h4",
            "PAN-OS 10.2.6-h3",
            "PAN-OS 10.2.6-h2",
            "PAN-OS 10.2.6-h1",
            "PAN-OS 10.2.6",
            "PAN-OS 10.2.5-h9",
            "PAN-OS 10.2.5-h8",
            "PAN-OS 10.2.5-h7",
            "PAN-OS 10.2.5-h6",
            "PAN-OS 10.2.5-h5",
            "PAN-OS 10.2.5-h4",
            "PAN-OS 10.2.5-h3",
            "PAN-OS 10.2.5-h2",
            "PAN-OS 10.2.5-h1",
            "PAN-OS 10.2.5",
            "PAN-OS 10.2.4-h32",
            "PAN-OS 10.2.4-h31",
            "PAN-OS 10.2.4-h30",
            "PAN-OS 10.2.4-h29",
            "PAN-OS 10.2.4-h28",
            "PAN-OS 10.2.4-h27",
            "PAN-OS 10.2.4-h26",
            "PAN-OS 10.2.4-h25",
            "PAN-OS 10.2.4-h24",
            "PAN-OS 10.2.4-h23",
            "PAN-OS 10.2.4-h22",
            "PAN-OS 10.2.4-h21",
            "PAN-OS 10.2.4-h20",
            "PAN-OS 10.2.4-h19",
            "PAN-OS 10.2.4-h18",
            "PAN-OS 10.2.4-h17",
            "PAN-OS 10.2.4-h16",
            "PAN-OS 10.2.4-h15",
            "PAN-OS 10.2.4-h14",
            "PAN-OS 10.2.4-h13",
            "PAN-OS 10.2.4-h12",
            "PAN-OS 10.2.4-h11",
            "PAN-OS 10.2.4-h10",
            "PAN-OS 10.2.4-h9",
            "PAN-OS 10.2.4-h8",
            "PAN-OS 10.2.4-h7",
            "PAN-OS 10.2.4-h6",
            "PAN-OS 10.2.4-h5",
            "PAN-OS 10.2.4-h4",
            "PAN-OS 10.2.4-h3",
            "PAN-OS 10.2.4-h2",
            "PAN-OS 10.2.4-h1",
            "PAN-OS 10.2.4",
            "PAN-OS 10.2.3-h14",
            "PAN-OS 10.2.3-h13",
            "PAN-OS 10.2.3-h12",
            "PAN-OS 10.2.3-h11",
            "PAN-OS 10.2.3-h10",
            "PAN-OS 10.2.3-h9",
            "PAN-OS 10.2.3-h8",
            "PAN-OS 10.2.3-h7",
            "PAN-OS 10.2.3-h6",
            "PAN-OS 10.2.3-h5",
            "PAN-OS 10.2.3-h4",
            "PAN-OS 10.2.3-h3",
            "PAN-OS 10.2.3-h2",
            "PAN-OS 10.2.3-h1",
            "PAN-OS 10.2.3",
            "PAN-OS 10.2.2-h6",
            "PAN-OS 10.2.2-h5",
            "PAN-OS 10.2.2-h4",
            "PAN-OS 10.2.2-h3",
            "PAN-OS 10.2.2-h2",
            "PAN-OS 10.2.2-h1",
            "PAN-OS 10.2.2",
            "PAN-OS 10.2.1-h3",
            "PAN-OS 10.2.1-h2",
            "PAN-OS 10.2.1-h1",
            "PAN-OS 10.2.1",
            "PAN-OS 10.2.0-h4",
            "PAN-OS 10.2.0-h3",
            "PAN-OS 10.2.0-h2",
            "PAN-OS 10.2.0-h1",
            "PAN-OS 10.2.0"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0288",
        "datePublished": "2026-07-08T20:14:32.405Z",
        "dateReserved": "2025-11-03T20:44:46.432Z",
        "dateUpdated": "2026-07-09T18:48:32.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2026-AVI-0853

    Vulnerability from certfr_avis - Published: 2026-07-09 - Updated: 2026-07-09

    De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Palo Alto Networks Prisma Access Browser Prisma Access versions 11.2.x antérieures à 11.2.7-h18
    Palo Alto Networks PAN-OS PAN-OS versions 11.2.x antérieures à 11.2.13
    Palo Alto Networks Prisma Access Browser Prisma Browser versions antérieures à 150.33.2.46
    Palo Alto Networks Prisma Access Browser Prisma Access versions 10.2.x antérieures à 10.2.10-h39
    Palo Alto Networks Prisma Access Browser Prisma Access versions 12.1.x antérieures à 12.1.8
    Palo Alto Networks Prisma Access Browser Prisma Access Agent sans les derniers correctifs de sécurité
    Palo Alto Networks PAN-OS PAN-OS versions 12.1.x antérieures à 12.1.8
    Palo Alto Networks PAN-OS PAN-OS versions 11.1.0 antérieures à 11.1.4-h35
    Palo Alto Networks Cortex XDR Broker Cortex XDR Broker VM versions 20.0.96 antérieures à 31.0.58
    Palo Alto Networks PAN-OS PAN-OS versions 10.2.0 antérieures à 10.2.18-h8
    Palo Alto Networks PAN-OS PAN-OS versions 11.1.x antérieures à 11.1.16

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.7-h18",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.13",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Prisma Browser versions ant\u00e9rieures \u00e0 150.33.2.46",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Prisma Access versions 10.2.x ant\u00e9rieures \u00e0 10.2.10-h39",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Prisma Access versions 12.1.x ant\u00e9rieures \u00e0 12.1.8",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Prisma Access Agent sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 12.1.x ant\u00e9rieures \u00e0 12.1.8",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.4-h35",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Cortex XDR Broker VM versions 20.0.96 ant\u00e9rieures \u00e0 31.0.58",
          "product": {
            "name": "Cortex XDR Broker",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.18-h8",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.16",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-10927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10927"
        },
        {
          "name": "CVE-2026-10991",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10991"
        },
        {
          "name": "CVE-2026-11637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11637"
        },
        {
          "name": "CVE-2026-11239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11239"
        },
        {
          "name": "CVE-2026-11182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11182"
        },
        {
          "name": "CVE-2026-10986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10986"
        },
        {
          "name": "CVE-2026-10955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10955"
        },
        {
          "name": "CVE-2026-11144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11144"
        },
        {
          "name": "CVE-2026-0281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0281"
        },
        {
          "name": "CVE-2026-11041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11041"
        },
        {
          "name": "CVE-2026-10902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10902"
        },
        {
          "name": "CVE-2026-11047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11047"
        },
        {
          "name": "CVE-2026-10892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10892"
        },
        {
          "name": "CVE-2026-11153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11153"
        },
        {
          "name": "CVE-2026-11221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11221"
        },
        {
          "name": "CVE-2026-0283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0283"
        },
        {
          "name": "CVE-2026-10981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10981"
        },
        {
          "name": "CVE-2026-10958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10958"
        },
        {
          "name": "CVE-2026-11693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11693"
        },
        {
          "name": "CVE-2026-10967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10967"
        },
        {
          "name": "CVE-2026-11229",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11229"
        },
        {
          "name": "CVE-2026-11057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11057"
        },
        {
          "name": "CVE-2026-11139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11139"
        },
        {
          "name": "CVE-2026-11204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11204"
        },
        {
          "name": "CVE-2026-11175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11175"
        },
        {
          "name": "CVE-2026-11023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11023"
        },
        {
          "name": "CVE-2026-11250",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11250"
        },
        {
          "name": "CVE-2026-10968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10968"
        },
        {
          "name": "CVE-2026-10896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10896"
        },
        {
          "name": "CVE-2026-11071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11071"
        },
        {
          "name": "CVE-2026-11238",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11238"
        },
        {
          "name": "CVE-2026-11274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11274"
        },
        {
          "name": "CVE-2026-11200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11200"
        },
        {
          "name": "CVE-2026-10915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10915"
        },
        {
          "name": "CVE-2026-11257",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11257"
        },
        {
          "name": "CVE-2026-11011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11011"
        },
        {
          "name": "CVE-2026-11049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11049"
        },
        {
          "name": "CVE-2026-12031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12031"
        },
        {
          "name": "CVE-2026-10923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10923"
        },
        {
          "name": "CVE-2026-11070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11070"
        },
        {
          "name": "CVE-2026-11101",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11101"
        },
        {
          "name": "CVE-2026-10946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10946"
        },
        {
          "name": "CVE-2026-11016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11016"
        },
        {
          "name": "CVE-2026-11236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11236"
        },
        {
          "name": "CVE-2026-11108",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11108"
        },
        {
          "name": "CVE-2026-10912",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10912"
        },
        {
          "name": "CVE-2026-11098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11098"
        },
        {
          "name": "CVE-2026-11086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11086"
        },
        {
          "name": "CVE-2026-11122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11122"
        },
        {
          "name": "CVE-2026-11267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11267"
        },
        {
          "name": "CVE-2026-11279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11279"
        },
        {
          "name": "CVE-2026-11668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11668"
        },
        {
          "name": "CVE-2026-12019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12019"
        },
        {
          "name": "CVE-2026-10911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10911"
        },
        {
          "name": "CVE-2026-10944",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10944"
        },
        {
          "name": "CVE-2026-10922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10922"
        },
        {
          "name": "CVE-2026-11189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11189"
        },
        {
          "name": "CVE-2026-11044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11044"
        },
        {
          "name": "CVE-2026-10995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10995"
        },
        {
          "name": "CVE-2026-11186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11186"
        },
        {
          "name": "CVE-2026-11309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11309"
        },
        {
          "name": "CVE-2026-10898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10898"
        },
        {
          "name": "CVE-2026-11235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11235"
        },
        {
          "name": "CVE-2026-11007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11007"
        },
        {
          "name": "CVE-2026-10883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10883"
        },
        {
          "name": "CVE-2026-11036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11036"
        },
        {
          "name": "CVE-2026-11673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11673"
        },
        {
          "name": "CVE-2026-11290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11290"
        },
        {
          "name": "CVE-2026-11262",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11262"
        },
        {
          "name": "CVE-2026-11075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11075"
        },
        {
          "name": "CVE-2026-10887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10887"
        },
        {
          "name": "CVE-2026-11263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11263"
        },
        {
          "name": "CVE-2026-10996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10996"
        },
        {
          "name": "CVE-2026-11280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11280"
        },
        {
          "name": "CVE-2026-11133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11133"
        },
        {
          "name": "CVE-2026-10979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10979"
        },
        {
          "name": "CVE-2026-11640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11640"
        },
        {
          "name": "CVE-2026-11134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11134"
        },
        {
          "name": "CVE-2026-10920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10920"
        },
        {
          "name": "CVE-2026-11687",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11687"
        },
        {
          "name": "CVE-2026-11150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11150"
        },
        {
          "name": "CVE-2026-11038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11038"
        },
        {
          "name": "CVE-2026-11135",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11135"
        },
        {
          "name": "CVE-2026-11652",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11652"
        },
        {
          "name": "CVE-2026-11024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11024"
        },
        {
          "name": "CVE-2026-10891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10891"
        },
        {
          "name": "CVE-2026-0286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0286"
        },
        {
          "name": "CVE-2026-11195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11195"
        },
        {
          "name": "CVE-2026-10974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10974"
        },
        {
          "name": "CVE-2026-12035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12035"
        },
        {
          "name": "CVE-2026-11003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11003"
        },
        {
          "name": "CVE-2026-12014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12014"
        },
        {
          "name": "CVE-2026-10987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10987"
        },
        {
          "name": "CVE-2026-11696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11696"
        },
        {
          "name": "CVE-2026-11222",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11222"
        },
        {
          "name": "CVE-2026-10957",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10957"
        },
        {
          "name": "CVE-2026-11666",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11666"
        },
        {
          "name": "CVE-2026-10971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10971"
        },
        {
          "name": "CVE-2026-10949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10949"
        },
        {
          "name": "CVE-2026-11256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11256"
        },
        {
          "name": "CVE-2026-11663",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11663"
        },
        {
          "name": "CVE-2026-10941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10941"
        },
        {
          "name": "CVE-2026-11226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11226"
        },
        {
          "name": "CVE-2026-10928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10928"
        },
        {
          "name": "CVE-2026-11169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11169"
        },
        {
          "name": "CVE-2026-11009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11009"
        },
        {
          "name": "CVE-2026-12016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12016"
        },
        {
          "name": "CVE-2026-10921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10921"
        },
        {
          "name": "CVE-2026-11307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11307"
        },
        {
          "name": "CVE-2026-12027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12027"
        },
        {
          "name": "CVE-2026-11628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11628"
        },
        {
          "name": "CVE-2026-10975",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10975"
        },
        {
          "name": "CVE-2026-10909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10909"
        },
        {
          "name": "CVE-2026-11127",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11127"
        },
        {
          "name": "CVE-2026-11125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11125"
        },
        {
          "name": "CVE-2026-11177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11177"
        },
        {
          "name": "CVE-2026-11302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11302"
        },
        {
          "name": "CVE-2026-11171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11171"
        },
        {
          "name": "CVE-2026-12013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12013"
        },
        {
          "name": "CVE-2026-11661",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11661"
        },
        {
          "name": "CVE-2026-11168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11168"
        },
        {
          "name": "CVE-2026-11022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11022"
        },
        {
          "name": "CVE-2026-11126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11126"
        },
        {
          "name": "CVE-2026-11161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11161"
        },
        {
          "name": "CVE-2026-11639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11639"
        },
        {
          "name": "CVE-2026-10903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10903"
        },
        {
          "name": "CVE-2026-10893",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10893"
        },
        {
          "name": "CVE-2026-0276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0276"
        },
        {
          "name": "CVE-2026-11265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11265"
        },
        {
          "name": "CVE-2026-11268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11268"
        },
        {
          "name": "CVE-2026-11634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11634"
        },
        {
          "name": "CVE-2026-0284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0284"
        },
        {
          "name": "CVE-2026-11288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11288"
        },
        {
          "name": "CVE-2026-11228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11228"
        },
        {
          "name": "CVE-2026-11686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11686"
        },
        {
          "name": "CVE-2026-11158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11158"
        },
        {
          "name": "CVE-2026-11234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11234"
        },
        {
          "name": "CVE-2026-11291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11291"
        },
        {
          "name": "CVE-2026-11155",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11155"
        },
        {
          "name": "CVE-2026-11241",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11241"
        },
        {
          "name": "CVE-2026-10953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10953"
        },
        {
          "name": "CVE-2026-11690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11690"
        },
        {
          "name": "CVE-2026-12009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12009"
        },
        {
          "name": "CVE-2026-11216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11216"
        },
        {
          "name": "CVE-2026-11119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11119"
        },
        {
          "name": "CVE-2026-11285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11285"
        },
        {
          "name": "CVE-2026-11019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11019"
        },
        {
          "name": "CVE-2026-11063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11063"
        },
        {
          "name": "CVE-2026-11090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11090"
        },
        {
          "name": "CVE-2026-10939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10939"
        },
        {
          "name": "CVE-2026-11205",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11205"
        },
        {
          "name": "CVE-2026-11248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11248"
        },
        {
          "name": "CVE-2026-11013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11013"
        },
        {
          "name": "CVE-2026-11030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11030"
        },
        {
          "name": "CVE-2026-11650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11650"
        },
        {
          "name": "CVE-2026-11188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11188"
        },
        {
          "name": "CVE-2026-11045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11045"
        },
        {
          "name": "CVE-2026-11670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11670"
        },
        {
          "name": "CVE-2026-11006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11006"
        },
        {
          "name": "CVE-2026-11232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11232"
        },
        {
          "name": "CVE-2026-10904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10904"
        },
        {
          "name": "CVE-2026-11202",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11202"
        },
        {
          "name": "CVE-2026-10977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10977"
        },
        {
          "name": "CVE-2026-11214",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11214"
        },
        {
          "name": "CVE-2026-11651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11651"
        },
        {
          "name": "CVE-2026-11129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11129"
        },
        {
          "name": "CVE-2026-12018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12018"
        },
        {
          "name": "CVE-2026-11021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11021"
        },
        {
          "name": "CVE-2026-11665",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11665"
        },
        {
          "name": "CVE-2026-10947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10947"
        },
        {
          "name": "CVE-2026-11160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11160"
        },
        {
          "name": "CVE-2026-0279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0279"
        },
        {
          "name": "CVE-2026-10956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10956"
        },
        {
          "name": "CVE-2026-10935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10935"
        },
        {
          "name": "CVE-2026-11635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11635"
        },
        {
          "name": "CVE-2026-11050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11050"
        },
        {
          "name": "CVE-2026-11069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11069"
        },
        {
          "name": "CVE-2026-11034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11034"
        },
        {
          "name": "CVE-2026-11305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11305"
        },
        {
          "name": "CVE-2026-12034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12034"
        },
        {
          "name": "CVE-2026-11259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11259"
        },
        {
          "name": "CVE-2026-11193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11193"
        },
        {
          "name": "CVE-2026-11026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11026"
        },
        {
          "name": "CVE-2026-11662",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11662"
        },
        {
          "name": "CVE-2026-11094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11094"
        },
        {
          "name": "CVE-2026-11692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11692"
        },
        {
          "name": "CVE-2026-11237",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11237"
        },
        {
          "name": "CVE-2026-11104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11104"
        },
        {
          "name": "CVE-2026-11281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11281"
        },
        {
          "name": "CVE-2026-11093",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11093"
        },
        {
          "name": "CVE-2026-11080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11080"
        },
        {
          "name": "CVE-2026-11143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11143"
        },
        {
          "name": "CVE-2026-10924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10924"
        },
        {
          "name": "CVE-2026-11653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11653"
        },
        {
          "name": "CVE-2026-11181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11181"
        },
        {
          "name": "CVE-2026-12024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12024"
        },
        {
          "name": "CVE-2026-11061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11061"
        },
        {
          "name": "CVE-2026-11684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11684"
        },
        {
          "name": "CVE-2026-10885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10885"
        },
        {
          "name": "CVE-2026-11292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11292"
        },
        {
          "name": "CVE-2026-11058",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11058"
        },
        {
          "name": "CVE-2026-11032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11032"
        },
        {
          "name": "CVE-2026-10994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10994"
        },
        {
          "name": "CVE-2026-11163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11163"
        },
        {
          "name": "CVE-2026-12029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12029"
        },
        {
          "name": "CVE-2026-11682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11682"
        },
        {
          "name": "CVE-2026-11672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11672"
        },
        {
          "name": "CVE-2026-11676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11676"
        },
        {
          "name": "CVE-2026-11105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11105"
        },
        {
          "name": "CVE-2026-11689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11689"
        },
        {
          "name": "CVE-2026-11147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11147"
        },
        {
          "name": "CVE-2026-11247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11247"
        },
        {
          "name": "CVE-2026-11266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11266"
        },
        {
          "name": "CVE-2026-11253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11253"
        },
        {
          "name": "CVE-2026-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11187"
        },
        {
          "name": "CVE-2026-11272",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11272"
        },
        {
          "name": "CVE-2026-11005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11005"
        },
        {
          "name": "CVE-2026-10914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10914"
        },
        {
          "name": "CVE-2026-11029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11029"
        },
        {
          "name": "CVE-2026-11206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11206"
        },
        {
          "name": "CVE-2026-11167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11167"
        },
        {
          "name": "CVE-2026-11001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11001"
        },
        {
          "name": "CVE-2026-11203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11203"
        },
        {
          "name": "CVE-2026-10988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10988"
        },
        {
          "name": "CVE-2026-11301",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11301"
        },
        {
          "name": "CVE-2026-11010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11010"
        },
        {
          "name": "CVE-2026-11636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11636"
        },
        {
          "name": "CVE-2026-11212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11212"
        },
        {
          "name": "CVE-2026-11190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11190"
        },
        {
          "name": "CVE-2026-11289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11289"
        },
        {
          "name": "CVE-2026-11215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11215"
        },
        {
          "name": "CVE-2026-11294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11294"
        },
        {
          "name": "CVE-2026-11254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11254"
        },
        {
          "name": "CVE-2026-11649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11649"
        },
        {
          "name": "CVE-2026-11076",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11076"
        },
        {
          "name": "CVE-2026-11020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11020"
        },
        {
          "name": "CVE-2026-11065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11065"
        },
        {
          "name": "CVE-2026-11219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11219"
        },
        {
          "name": "CVE-2026-10895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10895"
        },
        {
          "name": "CVE-2026-11074",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11074"
        },
        {
          "name": "CVE-2026-10918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10918"
        },
        {
          "name": "CVE-2026-12007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12007"
        },
        {
          "name": "CVE-2026-0280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0280"
        },
        {
          "name": "CVE-2026-11042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11042"
        },
        {
          "name": "CVE-2026-11246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11246"
        },
        {
          "name": "CVE-2026-11118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11118"
        },
        {
          "name": "CVE-2026-11141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11141"
        },
        {
          "name": "CVE-2026-11157",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11157"
        },
        {
          "name": "CVE-2026-11087",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11087"
        },
        {
          "name": "CVE-2026-11109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11109"
        },
        {
          "name": "CVE-2026-11631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11631"
        },
        {
          "name": "CVE-2026-11245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11245"
        },
        {
          "name": "CVE-2026-12028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12028"
        },
        {
          "name": "CVE-2026-10925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10925"
        },
        {
          "name": "CVE-2026-12015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12015"
        },
        {
          "name": "CVE-2026-11110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11110"
        },
        {
          "name": "CVE-2026-11646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11646"
        },
        {
          "name": "CVE-2026-10929",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10929"
        },
        {
          "name": "CVE-2026-10961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10961"
        },
        {
          "name": "CVE-2026-11121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11121"
        },
        {
          "name": "CVE-2026-11260",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11260"
        },
        {
          "name": "CVE-2026-11111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11111"
        },
        {
          "name": "CVE-2026-11271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11271"
        },
        {
          "name": "CVE-2026-11658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11658"
        },
        {
          "name": "CVE-2026-11112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11112"
        },
        {
          "name": "CVE-2026-11037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11037"
        },
        {
          "name": "CVE-2026-11128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11128"
        },
        {
          "name": "CVE-2026-11284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11284"
        },
        {
          "name": "CVE-2026-11683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11683"
        },
        {
          "name": "CVE-2026-11688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11688"
        },
        {
          "name": "CVE-2026-11694",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11694"
        },
        {
          "name": "CVE-2026-10954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10954"
        },
        {
          "name": "CVE-2026-10937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10937"
        },
        {
          "name": "CVE-2026-11685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11685"
        },
        {
          "name": "CVE-2026-11131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11131"
        },
        {
          "name": "CVE-2026-11079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11079"
        },
        {
          "name": "CVE-2026-11162",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11162"
        },
        {
          "name": "CVE-2026-10942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10942"
        },
        {
          "name": "CVE-2026-11629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11629"
        },
        {
          "name": "CVE-2026-11018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11018"
        },
        {
          "name": "CVE-2026-11148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11148"
        },
        {
          "name": "CVE-2026-12017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12017"
        },
        {
          "name": "CVE-2026-11240",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11240"
        },
        {
          "name": "CVE-2026-10894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10894"
        },
        {
          "name": "CVE-2026-11277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11277"
        },
        {
          "name": "CVE-2026-11130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11130"
        },
        {
          "name": "CVE-2026-10938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10938"
        },
        {
          "name": "CVE-2026-11084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11084"
        },
        {
          "name": "CVE-2026-11297",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11297"
        },
        {
          "name": "CVE-2026-11264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11264"
        },
        {
          "name": "CVE-2026-11306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11306"
        },
        {
          "name": "CVE-2026-10972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10972"
        },
        {
          "name": "CVE-2026-11113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11113"
        },
        {
          "name": "CVE-2026-11648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11648"
        },
        {
          "name": "CVE-2026-11691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11691"
        },
        {
          "name": "CVE-2026-11681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11681"
        },
        {
          "name": "CVE-2026-10965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10965"
        },
        {
          "name": "CVE-2026-11296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11296"
        },
        {
          "name": "CVE-2026-11192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11192"
        },
        {
          "name": "CVE-2026-11008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11008"
        },
        {
          "name": "CVE-2026-11082",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11082"
        },
        {
          "name": "CVE-2026-11123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11123"
        },
        {
          "name": "CVE-2026-11000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11000"
        },
        {
          "name": "CVE-2026-11103",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11103"
        },
        {
          "name": "CVE-2026-11286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11286"
        },
        {
          "name": "CVE-2026-10993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10993"
        },
        {
          "name": "CVE-2026-10959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10959"
        },
        {
          "name": "CVE-2026-11172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11172"
        },
        {
          "name": "CVE-2026-10913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10913"
        },
        {
          "name": "CVE-2026-11146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11146"
        },
        {
          "name": "CVE-2026-10884",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10884"
        },
        {
          "name": "CVE-2026-0287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0287"
        },
        {
          "name": "CVE-2026-10980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10980"
        },
        {
          "name": "CVE-2026-10910",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10910"
        },
        {
          "name": "CVE-2026-11077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11077"
        },
        {
          "name": "CVE-2026-11116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11116"
        },
        {
          "name": "CVE-2026-11137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11137"
        },
        {
          "name": "CVE-2026-11638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11638"
        },
        {
          "name": "CVE-2026-11278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11278"
        },
        {
          "name": "CVE-2026-11174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11174"
        },
        {
          "name": "CVE-2026-10905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10905"
        },
        {
          "name": "CVE-2026-11056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11056"
        },
        {
          "name": "CVE-2026-0285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0285"
        },
        {
          "name": "CVE-2026-11224",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11224"
        },
        {
          "name": "CVE-2026-11138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11138"
        },
        {
          "name": "CVE-2026-12008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12008"
        },
        {
          "name": "CVE-2026-10908",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10908"
        },
        {
          "name": "CVE-2026-11293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11293"
        },
        {
          "name": "CVE-2026-11060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11060"
        },
        {
          "name": "CVE-2026-11142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11142"
        },
        {
          "name": "CVE-2026-10969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10969"
        },
        {
          "name": "CVE-2026-10930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10930"
        },
        {
          "name": "CVE-2026-11642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11642"
        },
        {
          "name": "CVE-2026-11152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11152"
        },
        {
          "name": "CVE-2026-11165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11165"
        },
        {
          "name": "CVE-2026-11051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11051"
        },
        {
          "name": "CVE-2026-11304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11304"
        },
        {
          "name": "CVE-2026-10999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10999"
        },
        {
          "name": "CVE-2026-11282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11282"
        },
        {
          "name": "CVE-2026-10888",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10888"
        },
        {
          "name": "CVE-2026-11095",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11095"
        },
        {
          "name": "CVE-2026-11055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11055"
        },
        {
          "name": "CVE-2026-11217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11217"
        },
        {
          "name": "CVE-2026-10907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10907"
        },
        {
          "name": "CVE-2026-11276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11276"
        },
        {
          "name": "CVE-2026-11633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11633"
        },
        {
          "name": "CVE-2026-11156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11156"
        },
        {
          "name": "CVE-2026-11031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11031"
        },
        {
          "name": "CVE-2026-10952",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10952"
        },
        {
          "name": "CVE-2026-12032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12032"
        },
        {
          "name": "CVE-2026-11184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11184"
        },
        {
          "name": "CVE-2026-11680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11680"
        },
        {
          "name": "CVE-2026-10900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10900"
        },
        {
          "name": "CVE-2026-10962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10962"
        },
        {
          "name": "CVE-2026-10966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10966"
        },
        {
          "name": "CVE-2026-11170",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11170"
        },
        {
          "name": "CVE-2026-11632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11632"
        },
        {
          "name": "CVE-2026-10943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10943"
        },
        {
          "name": "CVE-2026-11166",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11166"
        },
        {
          "name": "CVE-2026-10964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10964"
        },
        {
          "name": "CVE-2026-11100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11100"
        },
        {
          "name": "CVE-2026-10992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10992"
        },
        {
          "name": "CVE-2026-11695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11695"
        },
        {
          "name": "CVE-2026-11647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11647"
        },
        {
          "name": "CVE-2026-10916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10916"
        },
        {
          "name": "CVE-2026-11085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11085"
        },
        {
          "name": "CVE-2026-11645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11645"
        },
        {
          "name": "CVE-2026-11096",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11096"
        },
        {
          "name": "CVE-2026-11178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11178"
        },
        {
          "name": "CVE-2026-11275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11275"
        },
        {
          "name": "CVE-2026-11046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11046"
        },
        {
          "name": "CVE-2026-11028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11028"
        },
        {
          "name": "CVE-2026-11176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11176"
        },
        {
          "name": "CVE-2026-11068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11068"
        },
        {
          "name": "CVE-2026-10940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10940"
        },
        {
          "name": "CVE-2026-12023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12023"
        },
        {
          "name": "CVE-2026-10936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10936"
        },
        {
          "name": "CVE-2026-10886",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10886"
        },
        {
          "name": "CVE-2026-12012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12012"
        },
        {
          "name": "CVE-2026-10917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10917"
        },
        {
          "name": "CVE-2026-11191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11191"
        },
        {
          "name": "CVE-2026-11674",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11674"
        },
        {
          "name": "CVE-2026-11154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11154"
        },
        {
          "name": "CVE-2026-12025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12025"
        },
        {
          "name": "CVE-2026-11180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11180"
        },
        {
          "name": "CVE-2026-11699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11699"
        },
        {
          "name": "CVE-2026-10882",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10882"
        },
        {
          "name": "CVE-2026-12026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12026"
        },
        {
          "name": "CVE-2026-10901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10901"
        },
        {
          "name": "CVE-2026-11308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11308"
        },
        {
          "name": "CVE-2026-11697",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11697"
        },
        {
          "name": "CVE-2026-11655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11655"
        },
        {
          "name": "CVE-2026-11132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11132"
        },
        {
          "name": "CVE-2026-11677",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11677"
        },
        {
          "name": "CVE-2026-11261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11261"
        },
        {
          "name": "CVE-2026-11197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11197"
        },
        {
          "name": "CVE-2026-11300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11300"
        },
        {
          "name": "CVE-2026-10899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10899"
        },
        {
          "name": "CVE-2026-10998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10998"
        },
        {
          "name": "CVE-2026-11064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11064"
        },
        {
          "name": "CVE-2026-11017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11017"
        },
        {
          "name": "CVE-2026-11207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11207"
        },
        {
          "name": "CVE-2026-11303",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11303"
        },
        {
          "name": "CVE-2026-11295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11295"
        },
        {
          "name": "CVE-2026-11106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11106"
        },
        {
          "name": "CVE-2026-10932",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10932"
        },
        {
          "name": "CVE-2026-11660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11660"
        },
        {
          "name": "CVE-2026-11231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11231"
        },
        {
          "name": "CVE-2026-11117",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11117"
        },
        {
          "name": "CVE-2026-12022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12022"
        },
        {
          "name": "CVE-2026-11641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11641"
        },
        {
          "name": "CVE-2026-10906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10906"
        },
        {
          "name": "CVE-2026-11643",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11643"
        },
        {
          "name": "CVE-2026-11194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11194"
        },
        {
          "name": "CVE-2026-0288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0288"
        },
        {
          "name": "CVE-2026-11700",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11700"
        },
        {
          "name": "CVE-2026-11004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11004"
        },
        {
          "name": "CVE-2026-11081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11081"
        },
        {
          "name": "CVE-2026-11179",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11179"
        },
        {
          "name": "CVE-2026-11033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11033"
        },
        {
          "name": "CVE-2026-11173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11173"
        },
        {
          "name": "CVE-2026-0275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0275"
        },
        {
          "name": "CVE-2026-11669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11669"
        },
        {
          "name": "CVE-2026-10970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10970"
        },
        {
          "name": "CVE-2026-11230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11230"
        },
        {
          "name": "CVE-2026-11114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11114"
        },
        {
          "name": "CVE-2026-10976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10976"
        },
        {
          "name": "CVE-2026-12010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12010"
        },
        {
          "name": "CVE-2026-11258",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11258"
        },
        {
          "name": "CVE-2026-11107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11107"
        },
        {
          "name": "CVE-2026-10983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10983"
        },
        {
          "name": "CVE-2026-11066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11066"
        },
        {
          "name": "CVE-2026-11120",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11120"
        },
        {
          "name": "CVE-2026-11225",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11225"
        },
        {
          "name": "CVE-2026-11062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11062"
        },
        {
          "name": "CVE-2026-11185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11185"
        },
        {
          "name": "CVE-2026-11102",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11102"
        },
        {
          "name": "CVE-2026-11664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11664"
        },
        {
          "name": "CVE-2026-10948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10948"
        },
        {
          "name": "CVE-2026-11012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11012"
        },
        {
          "name": "CVE-2026-10963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10963"
        },
        {
          "name": "CVE-2026-11209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11209"
        },
        {
          "name": "CVE-2026-11088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11088"
        },
        {
          "name": "CVE-2026-10990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10990"
        },
        {
          "name": "CVE-2026-11183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11183"
        },
        {
          "name": "CVE-2026-10933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10933"
        },
        {
          "name": "CVE-2026-11115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11115"
        },
        {
          "name": "CVE-2026-11679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11679"
        },
        {
          "name": "CVE-2026-11067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11067"
        },
        {
          "name": "CVE-2026-10934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10934"
        },
        {
          "name": "CVE-2026-11698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11698"
        },
        {
          "name": "CVE-2026-11251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11251"
        },
        {
          "name": "CVE-2026-11270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11270"
        },
        {
          "name": "CVE-2026-11015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11015"
        },
        {
          "name": "CVE-2026-11091",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11091"
        },
        {
          "name": "CVE-2026-11025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11025"
        },
        {
          "name": "CVE-2026-10989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10989"
        },
        {
          "name": "CVE-2026-11039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11039"
        },
        {
          "name": "CVE-2026-11249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11249"
        },
        {
          "name": "CVE-2026-10950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10950"
        },
        {
          "name": "CVE-2026-10889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10889"
        },
        {
          "name": "CVE-2026-10926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10926"
        },
        {
          "name": "CVE-2026-11078",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11078"
        },
        {
          "name": "CVE-2026-0282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0282"
        },
        {
          "name": "CVE-2026-11659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11659"
        },
        {
          "name": "CVE-2026-11243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11243"
        },
        {
          "name": "CVE-2026-11014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11014"
        },
        {
          "name": "CVE-2026-11671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11671"
        },
        {
          "name": "CVE-2026-11059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11059"
        },
        {
          "name": "CVE-2026-10960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10960"
        },
        {
          "name": "CVE-2026-10951",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10951"
        },
        {
          "name": "CVE-2026-11667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11667"
        },
        {
          "name": "CVE-2026-10931",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10931"
        },
        {
          "name": "CVE-2026-11072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11072"
        },
        {
          "name": "CVE-2026-10982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10982"
        },
        {
          "name": "CVE-2026-10997",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10997"
        },
        {
          "name": "CVE-2026-11136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11136"
        },
        {
          "name": "CVE-2026-11283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11283"
        },
        {
          "name": "CVE-2026-11164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11164"
        },
        {
          "name": "CVE-2026-11675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11675"
        },
        {
          "name": "CVE-2026-11213",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11213"
        },
        {
          "name": "CVE-2026-10897",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10897"
        },
        {
          "name": "CVE-2026-11233",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11233"
        },
        {
          "name": "CVE-2026-11630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11630"
        },
        {
          "name": "CVE-2026-11211",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11211"
        },
        {
          "name": "CVE-2026-10985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10985"
        },
        {
          "name": "CVE-2026-12011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12011"
        },
        {
          "name": "CVE-2026-11054",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11054"
        },
        {
          "name": "CVE-2026-11027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11027"
        },
        {
          "name": "CVE-2026-12020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12020"
        },
        {
          "name": "CVE-2026-11244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11244"
        },
        {
          "name": "CVE-2026-11151",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11151"
        },
        {
          "name": "CVE-2026-11196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11196"
        },
        {
          "name": "CVE-2026-11252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11252"
        },
        {
          "name": "CVE-2026-11678",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11678"
        },
        {
          "name": "CVE-2026-10978",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10978"
        },
        {
          "name": "CVE-2026-11145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11145"
        },
        {
          "name": "CVE-2026-10881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10881"
        },
        {
          "name": "CVE-2026-10984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10984"
        },
        {
          "name": "CVE-2026-11159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11159"
        },
        {
          "name": "CVE-2026-11223",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11223"
        },
        {
          "name": "CVE-2026-11287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11287"
        },
        {
          "name": "CVE-2026-11644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11644"
        },
        {
          "name": "CVE-2026-10919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10919"
        },
        {
          "name": "CVE-2026-11654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11654"
        },
        {
          "name": "CVE-2026-11048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11048"
        },
        {
          "name": "CVE-2026-11089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11089"
        },
        {
          "name": "CVE-2026-11657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11657"
        },
        {
          "name": "CVE-2026-11269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11269"
        },
        {
          "name": "CVE-2026-12030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12030"
        },
        {
          "name": "CVE-2026-0277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0277"
        },
        {
          "name": "CVE-2026-11208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11208"
        },
        {
          "name": "CVE-2026-11097",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11097"
        },
        {
          "name": "CVE-2026-11043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11043"
        },
        {
          "name": "CVE-2026-11040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11040"
        },
        {
          "name": "CVE-2026-11035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11035"
        },
        {
          "name": "CVE-2026-12033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12033"
        },
        {
          "name": "CVE-2026-11199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11199"
        },
        {
          "name": "CVE-2026-11149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11149"
        },
        {
          "name": "CVE-2026-11092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11092"
        },
        {
          "name": "CVE-2026-11198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11198"
        },
        {
          "name": "CVE-2026-11073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11073"
        },
        {
          "name": "CVE-2026-11052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11052"
        },
        {
          "name": "CVE-2026-0278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0278"
        },
        {
          "name": "CVE-2026-11701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11701"
        },
        {
          "name": "CVE-2026-11140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11140"
        },
        {
          "name": "CVE-2026-10945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10945"
        },
        {
          "name": "CVE-2026-11299",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11299"
        },
        {
          "name": "CVE-2026-11227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11227"
        },
        {
          "name": "CVE-2026-11124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11124"
        },
        {
          "name": "CVE-2026-11002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11002"
        },
        {
          "name": "CVE-2026-11273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11273"
        },
        {
          "name": "CVE-2026-11656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11656"
        },
        {
          "name": "CVE-2026-11255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11255"
        },
        {
          "name": "CVE-2026-11242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11242"
        },
        {
          "name": "CVE-2026-10890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10890"
        },
        {
          "name": "CVE-2026-11218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11218"
        },
        {
          "name": "CVE-2026-11201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11201"
        },
        {
          "name": "CVE-2026-11083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11083"
        },
        {
          "name": "CVE-2026-10973",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10973"
        },
        {
          "name": "CVE-2026-11210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11210"
        },
        {
          "name": "CVE-2026-11298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11298"
        },
        {
          "name": "CVE-2026-11220",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11220"
        }
      ],
      "initial_release_date": "2026-07-09T00:00:00",
      "last_revision_date": "2026-07-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0853",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
      "vendor_advisories": [
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0276",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0276"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0285",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0285"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0277",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0277"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2026-0010",
          "url": "https://security.paloaltonetworks.com/PAN-SA-2026-0010"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0286",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0286"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0282",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0282"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0279",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0279"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0280",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0280"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0278",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0278"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0288",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0288"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0287",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0287"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0281",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0281"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0284",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0284"
        },
        {
          "published_at": "2026-07-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0283",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0283"
        }
      ]
    }

    CERTFR-2026-AVI-0734

    Vulnerability from certfr_avis - Published: 2026-06-11 - Updated: 2026-06-11

    De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Palo Alto Networks Prisma Access Browser Prisma Access Agent versions antérieures à 26.2.1 sur Linux
    Palo Alto Networks PAN-OS PAN-OS versions 11.2.x antérieures à 11.2.11
    Palo Alto Networks Prisma Access Browser Prisma Browser versions antérieures à 148.18.4.217
    Palo Alto Networks PAN-OS PAN-OS versions 10.2.0 antérieures à 10.2.7-h35
    Palo Alto Networks PAN-OS PAN-OS versions 10.2.x à 11.1.x antérieures à 11.1.14
    Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.2.x antérieures à 6.2.8-h2
    Palo Alto Networks Cortex XSOAR Cortex XSOAR CommvaultSecurityIQ Marketplace versions antérieures à 1.2.0
    Palo Alto Networks Cortex XSOAR Cortex XSOAR versions antérieures à 8.13.0.11 sur Linux
    Palo Alto Networks PAN-OS PAN-OS versions 12.1.x antérieures à 12.1.5
    Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.3.x antérieures à 6.3.3-h1
    Palo Alto Networks Cortex XSIAM Cortex XSIAM CommvaultSecurityIQ Marketplace versions antérieures à 1.2.0

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Prisma Access Agent versions ant\u00e9rieures \u00e0 26.2.1 sur Linux",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.11",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Prisma Browser versions ant\u00e9rieures \u00e0 148.18.4.217",
          "product": {
            "name": "Prisma Access Browser",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.7-h35",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 10.2.x \u00e0 11.1.x ant\u00e9rieures \u00e0 11.1.14",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8-h2",
          "product": {
            "name": "GlobalProtect App",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Cortex XSOAR CommvaultSecurityIQ Marketplace versions ant\u00e9rieures \u00e0 1.2.0",
          "product": {
            "name": "Cortex XSOAR",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 8.13.0.11 sur Linux",
          "product": {
            "name": "Cortex XSOAR",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "PAN-OS versions 12.1.x ant\u00e9rieures \u00e0 12.1.5",
          "product": {
            "name": "PAN-OS",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h1",
          "product": {
            "name": "GlobalProtect App",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        },
        {
          "description": "Cortex XSIAM CommvaultSecurityIQ Marketplace versions ant\u00e9rieures \u00e0 1.2.0",
          "product": {
            "name": "Cortex XSIAM",
            "vendor": {
              "name": "Palo Alto Networks",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-9998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9998"
        },
        {
          "name": "CVE-2026-9873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9873"
        },
        {
          "name": "CVE-2026-9911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9911"
        },
        {
          "name": "CVE-2026-9961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9961"
        },
        {
          "name": "CVE-2026-9124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9124"
        },
        {
          "name": "CVE-2026-9942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9942"
        },
        {
          "name": "CVE-2026-9989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9989"
        },
        {
          "name": "CVE-2026-9952",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9952"
        },
        {
          "name": "CVE-2026-9905",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9905"
        },
        {
          "name": "CVE-2026-0274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0274"
        },
        {
          "name": "CVE-2026-9877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9877"
        },
        {
          "name": "CVE-2026-8554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8554"
        },
        {
          "name": "CVE-2026-8559",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8559"
        },
        {
          "name": "CVE-2026-8547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8547"
        },
        {
          "name": "CVE-2026-8542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8542"
        },
        {
          "name": "CVE-2026-9900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9900"
        },
        {
          "name": "CVE-2026-9890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9890"
        },
        {
          "name": "CVE-2026-0268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0268"
        },
        {
          "name": "CVE-2026-9914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9914"
        },
        {
          "name": "CVE-2026-9115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9115"
        },
        {
          "name": "CVE-2026-8562",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8562"
        },
        {
          "name": "CVE-2026-8513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8513"
        },
        {
          "name": "CVE-2026-8560",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8560"
        },
        {
          "name": "CVE-2026-9985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9985"
        },
        {
          "name": "CVE-2026-8534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8534"
        },
        {
          "name": "CVE-2026-9949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9949"
        },
        {
          "name": "CVE-2026-10006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10006"
        },
        {
          "name": "CVE-2026-9898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9898"
        },
        {
          "name": "CVE-2026-0273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0273"
        },
        {
          "name": "CVE-2026-8531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8531"
        },
        {
          "name": "CVE-2026-9912",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9912"
        },
        {
          "name": "CVE-2026-9901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9901"
        },
        {
          "name": "CVE-2026-8578",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8578"
        },
        {
          "name": "CVE-2026-8565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8565"
        },
        {
          "name": "CVE-2026-8520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8520"
        },
        {
          "name": "CVE-2026-9968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9968"
        },
        {
          "name": "CVE-2026-9882",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9882"
        },
        {
          "name": "CVE-2026-9974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9974"
        },
        {
          "name": "CVE-2026-8536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8536"
        },
        {
          "name": "CVE-2026-9118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9118"
        },
        {
          "name": "CVE-2026-9947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9947"
        },
        {
          "name": "CVE-2026-9976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9976"
        },
        {
          "name": "CVE-2026-9935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9935"
        },
        {
          "name": "CVE-2026-9893",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9893"
        },
        {
          "name": "CVE-2026-9971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9971"
        },
        {
          "name": "CVE-2026-9940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9940"
        },
        {
          "name": "CVE-2026-8587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8587"
        },
        {
          "name": "CVE-2026-9973",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9973"
        },
        {
          "name": "CVE-2026-9110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9110"
        },
        {
          "name": "CVE-2026-9943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9943"
        },
        {
          "name": "CVE-2026-10019",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10019"
        },
        {
          "name": "CVE-2026-9937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9937"
        },
        {
          "name": "CVE-2026-8571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8571"
        },
        {
          "name": "CVE-2026-8556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8556"
        },
        {
          "name": "CVE-2026-8543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8543"
        },
        {
          "name": "CVE-2026-9895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9895"
        },
        {
          "name": "CVE-2026-9936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9936"
        },
        {
          "name": "CVE-2026-9894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9894"
        },
        {
          "name": "CVE-2026-10004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10004"
        },
        {
          "name": "CVE-2026-9999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9999"
        },
        {
          "name": "CVE-2026-8557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8557"
        },
        {
          "name": "CVE-2026-9121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9121"
        },
        {
          "name": "CVE-2026-0272",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0272"
        },
        {
          "name": "CVE-2026-9958",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9958"
        },
        {
          "name": "CVE-2026-8538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8538"
        },
        {
          "name": "CVE-2026-9954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9954"
        },
        {
          "name": "CVE-2026-8526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8526"
        },
        {
          "name": "CVE-2026-9970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9970"
        },
        {
          "name": "CVE-2026-9951",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9951"
        },
        {
          "name": "CVE-2026-9918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9918"
        },
        {
          "name": "CVE-2026-10001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10001"
        },
        {
          "name": "CVE-2026-8523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8523"
        },
        {
          "name": "CVE-2026-9992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9992"
        },
        {
          "name": "CVE-2026-9889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9889"
        },
        {
          "name": "CVE-2026-9950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9950"
        },
        {
          "name": "CVE-2026-9883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9883"
        },
        {
          "name": "CVE-2026-8549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8549"
        },
        {
          "name": "CVE-2026-8530",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8530"
        },
        {
          "name": "CVE-2026-9996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9996"
        },
        {
          "name": "CVE-2026-9913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9913"
        },
        {
          "name": "CVE-2026-8541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8541"
        },
        {
          "name": "CVE-2026-9930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9930"
        },
        {
          "name": "CVE-2026-8535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8535"
        },
        {
          "name": "CVE-2026-9965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9965"
        },
        {
          "name": "CVE-2026-8515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8515"
        },
        {
          "name": "CVE-2026-8583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8583"
        },
        {
          "name": "CVE-2026-9876",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9876"
        },
        {
          "name": "CVE-2026-9879",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9879"
        },
        {
          "name": "CVE-2026-9872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9872"
        },
        {
          "name": "CVE-2026-9875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9875"
        },
        {
          "name": "CVE-2026-9963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9963"
        },
        {
          "name": "CVE-2026-9922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9922"
        },
        {
          "name": "CVE-2026-9975",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9975"
        },
        {
          "name": "CVE-2026-9931",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9931"
        },
        {
          "name": "CVE-2026-9980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9980"
        },
        {
          "name": "CVE-2026-10000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10000"
        },
        {
          "name": "CVE-2026-9904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9904"
        },
        {
          "name": "CVE-2026-8533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8533"
        },
        {
          "name": "CVE-2026-10007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10007"
        },
        {
          "name": "CVE-2026-8585",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8585"
        },
        {
          "name": "CVE-2026-9116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9116"
        },
        {
          "name": "CVE-2026-9983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9983"
        },
        {
          "name": "CVE-2026-8527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8527"
        },
        {
          "name": "CVE-2026-10014",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10014"
        },
        {
          "name": "CVE-2026-10022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10022"
        },
        {
          "name": "CVE-2026-9892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9892"
        },
        {
          "name": "CVE-2026-8584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8584"
        },
        {
          "name": "CVE-2026-9880",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9880"
        },
        {
          "name": "CVE-2026-8517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8517"
        },
        {
          "name": "CVE-2026-9979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9979"
        },
        {
          "name": "CVE-2026-10011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10011"
        },
        {
          "name": "CVE-2026-9978",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9978"
        },
        {
          "name": "CVE-2026-8579",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8579"
        },
        {
          "name": "CVE-2026-10020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10020"
        },
        {
          "name": "CVE-2026-9899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9899"
        },
        {
          "name": "CVE-2026-10015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10015"
        },
        {
          "name": "CVE-2026-8573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8573"
        },
        {
          "name": "CVE-2026-9969",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9969"
        },
        {
          "name": "CVE-2026-8569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8569"
        },
        {
          "name": "CVE-2026-9123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9123"
        },
        {
          "name": "CVE-2026-9919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9919"
        },
        {
          "name": "CVE-2026-8545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8545"
        },
        {
          "name": "CVE-2026-8529",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8529"
        },
        {
          "name": "CVE-2026-8561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8561"
        },
        {
          "name": "CVE-2026-9920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9920"
        },
        {
          "name": "CVE-2026-9921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9921"
        },
        {
          "name": "CVE-2026-9977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9977"
        },
        {
          "name": "CVE-2026-9878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9878"
        },
        {
          "name": "CVE-2026-9888",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9888"
        },
        {
          "name": "CVE-2026-9113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9113"
        },
        {
          "name": "CVE-2026-9923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9923"
        },
        {
          "name": "CVE-2026-9909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9909"
        },
        {
          "name": "CVE-2026-9962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9962"
        },
        {
          "name": "CVE-2026-9881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9881"
        },
        {
          "name": "CVE-2026-8546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8546"
        },
        {
          "name": "CVE-2026-10010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10010"
        },
        {
          "name": "CVE-2026-9945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9945"
        },
        {
          "name": "CVE-2026-9956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9956"
        },
        {
          "name": "CVE-2026-8522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8522"
        },
        {
          "name": "CVE-2026-8544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8544"
        },
        {
          "name": "CVE-2026-10008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10008"
        },
        {
          "name": "CVE-2026-8540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8540"
        },
        {
          "name": "CVE-2026-9927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9927"
        },
        {
          "name": "CVE-2026-9120",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9120"
        },
        {
          "name": "CVE-2026-8555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8555"
        },
        {
          "name": "CVE-2026-9944",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9944"
        },
        {
          "name": "CVE-2026-9948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9948"
        },
        {
          "name": "CVE-2026-9117",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9117"
        },
        {
          "name": "CVE-2026-9902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9902"
        },
        {
          "name": "CVE-2026-9988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9988"
        },
        {
          "name": "CVE-2026-9925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9925"
        },
        {
          "name": "CVE-2026-8528",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8528"
        },
        {
          "name": "CVE-2026-0269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0269"
        },
        {
          "name": "CVE-2026-8570",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8570"
        },
        {
          "name": "CVE-2026-9114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9114"
        },
        {
          "name": "CVE-2026-9928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9928"
        },
        {
          "name": "CVE-2026-8512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8512"
        },
        {
          "name": "CVE-2026-9886",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9886"
        },
        {
          "name": "CVE-2026-10021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10021"
        },
        {
          "name": "CVE-2026-9957",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9957"
        },
        {
          "name": "CVE-2026-10005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10005"
        },
        {
          "name": "CVE-2026-9896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9896"
        },
        {
          "name": "CVE-2026-9915",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9915"
        },
        {
          "name": "CVE-2026-9990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9990"
        },
        {
          "name": "CVE-2026-9907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9907"
        },
        {
          "name": "CVE-2026-9932",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9932"
        },
        {
          "name": "CVE-2026-8553",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8553"
        },
        {
          "name": "CVE-2026-10016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10016"
        },
        {
          "name": "CVE-2026-8566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8566"
        },
        {
          "name": "CVE-2026-8551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8551"
        },
        {
          "name": "CVE-2026-8577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8577"
        },
        {
          "name": "CVE-2026-9997",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9997"
        },
        {
          "name": "CVE-2026-8539",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8539"
        },
        {
          "name": "CVE-2026-8525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8525"
        },
        {
          "name": "CVE-2026-8563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8563"
        },
        {
          "name": "CVE-2026-9994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9994"
        },
        {
          "name": "CVE-2026-8514",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8514"
        },
        {
          "name": "CVE-2026-9874",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9874"
        },
        {
          "name": "CVE-2026-8509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8509"
        },
        {
          "name": "CVE-2026-10017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10017"
        },
        {
          "name": "CVE-2026-9929",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9929"
        },
        {
          "name": "CVE-2026-9984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9984"
        },
        {
          "name": "CVE-2026-8521",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8521"
        },
        {
          "name": "CVE-2026-9885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9885"
        },
        {
          "name": "CVE-2026-8524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8524"
        },
        {
          "name": "CVE-2026-8558",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8558"
        },
        {
          "name": "CVE-2026-8564",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8564"
        },
        {
          "name": "CVE-2026-9887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9887"
        },
        {
          "name": "CVE-2026-9910",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9910"
        },
        {
          "name": "CVE-2026-0270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0270"
        },
        {
          "name": "CVE-2026-8580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8580"
        },
        {
          "name": "CVE-2026-9906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9906"
        },
        {
          "name": "CVE-2026-9111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9111"
        },
        {
          "name": "CVE-2026-9917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9917"
        },
        {
          "name": "CVE-2026-9959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9959"
        },
        {
          "name": "CVE-2026-8516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8516"
        },
        {
          "name": "CVE-2026-8567",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8567"
        },
        {
          "name": "CVE-2026-9908",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9908"
        },
        {
          "name": "CVE-2026-9946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9946"
        },
        {
          "name": "CVE-2026-9903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9903"
        },
        {
          "name": "CVE-2026-9993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9993"
        },
        {
          "name": "CVE-2026-8510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8510"
        },
        {
          "name": "CVE-2026-9966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9966"
        },
        {
          "name": "CVE-2026-8576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8576"
        },
        {
          "name": "CVE-2026-9955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9955"
        },
        {
          "name": "CVE-2026-9953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9953"
        },
        {
          "name": "CVE-2026-9967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9967"
        },
        {
          "name": "CVE-2026-8568",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8568"
        },
        {
          "name": "CVE-2026-0271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0271"
        },
        {
          "name": "CVE-2026-9960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9960"
        },
        {
          "name": "CVE-2026-8582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8582"
        },
        {
          "name": "CVE-2026-9916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9916"
        },
        {
          "name": "CVE-2026-10018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10018"
        },
        {
          "name": "CVE-2026-8518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8518"
        },
        {
          "name": "CVE-2026-8586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8586"
        },
        {
          "name": "CVE-2026-8575",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8575"
        },
        {
          "name": "CVE-2026-9982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9982"
        },
        {
          "name": "CVE-2026-9986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9986"
        },
        {
          "name": "CVE-2026-10013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10013"
        },
        {
          "name": "CVE-2026-8572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8572"
        },
        {
          "name": "CVE-2026-10003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10003"
        },
        {
          "name": "CVE-2026-9981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9981"
        },
        {
          "name": "CVE-2026-9112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9112"
        },
        {
          "name": "CVE-2026-9933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9933"
        },
        {
          "name": "CVE-2026-8548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8548"
        },
        {
          "name": "CVE-2026-8532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8532"
        },
        {
          "name": "CVE-2026-9938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9938"
        },
        {
          "name": "CVE-2026-9934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9934"
        },
        {
          "name": "CVE-2026-8574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8574"
        },
        {
          "name": "CVE-2026-9991",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9991"
        },
        {
          "name": "CVE-2026-8581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8581"
        },
        {
          "name": "CVE-2026-9939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9939"
        },
        {
          "name": "CVE-2026-9897",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9897"
        },
        {
          "name": "CVE-2026-9926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9926"
        },
        {
          "name": "CVE-2026-9972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9972"
        },
        {
          "name": "CVE-2026-9987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9987"
        },
        {
          "name": "CVE-2026-9995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9995"
        },
        {
          "name": "CVE-2026-0266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0266"
        },
        {
          "name": "CVE-2026-9126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9126"
        },
        {
          "name": "CVE-2026-9964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9964"
        },
        {
          "name": "CVE-2026-0267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0267"
        },
        {
          "name": "CVE-2026-10002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10002"
        },
        {
          "name": "CVE-2026-8537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8537"
        },
        {
          "name": "CVE-2026-8519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8519"
        },
        {
          "name": "CVE-2026-8550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8550"
        },
        {
          "name": "CVE-2026-10009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10009"
        },
        {
          "name": "CVE-2026-8511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8511"
        },
        {
          "name": "CVE-2026-9924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9924"
        },
        {
          "name": "CVE-2026-10012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10012"
        },
        {
          "name": "CVE-2026-9891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9891"
        },
        {
          "name": "CVE-2026-9941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9941"
        },
        {
          "name": "CVE-2026-9884",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9884"
        },
        {
          "name": "CVE-2026-8552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8552"
        }
      ],
      "initial_release_date": "2026-06-11T00:00:00",
      "last_revision_date": "2026-06-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0734",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
      "vendor_advisories": [
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0273",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0273"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0269",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0269"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0266",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0266"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0268",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0268"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0270",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0270"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2026-0008",
          "url": "https://security.paloaltonetworks.com/PAN-SA-2026-0008"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0272",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0272"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0271",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0271"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0274",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2026-0267",
          "url": "https://security.paloaltonetworks.com/CVE-2026-0267"
        }
      ]
    }