Action not permitted
Modal body text goes here.
Modal Title
Modal Body
NCSC-2026-0227
Vulnerability from csaf_ncscnl - Published: 2026-07-13 08:27 - Updated: 2026-07-13 08:27Multiple cross-site scripting vulnerabilities in Palo Alto Networks PAN-OS software's User-ID Authentication Portal, GlobalProtect gateway/portal, and Clientless VPN allow unauthenticated attackers to execute malicious JavaScript, affecting PA-Series, VM-Series firewalls, and Panorama but not Cloud NGFW.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
A vulnerability in Palo Alto Networks PAN-OS IPv6 packet processing allows unauthenticated attackers to bypass firewall security policies and access protected services, with Cloud NGFW and Panorama unaffected.
CWE-131 - Incorrect Calculation of Buffer Size| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
An information disclosure vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to obtain web session tokens if a legitimate user clicks a malicious link, affecting PA-Series, VM-Series firewalls, and Panorama.
CWE-524 - Use of Cache Containing Sensitive Information| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
A file deletion vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to delete files from a temporary directory, affecting PA-Series, VM-Series firewalls, and Panorama.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
An authentication bypass vulnerability in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS software enables attackers with network access to establish unauthorized site-to-site VPN connections, excluding Panorama, Cloud NGFW, and Prisma Access.
CWE-306 - Missing Authentication for Critical Function| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
An XML injection vulnerability in Palo Alto Networks PAN-OS Large Scale VPN feature allows unauthenticated network attackers to inject malicious XML, risking information disclosure or data corruption, while Panorama, Cloud NGFW, and Prisma Access remain unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators with management web interface access to make unauthorized internal service requests, with risk mitigated by restricting management interface access to trusted IPs.
CWE-918 - Server-Side Request Forgery (SSRF)| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
A command injection vulnerability in Palo Alto Networks PAN-OS management plane allows authenticated administrators to execute arbitrary root OS commands on PA-Series, VM-Series firewalls, and Panorama devices.
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS allow unauthenticated attackers with network access to cause a DoS condition and force the firewall into maintenance mode, with Panorama unaffected.
CWE-754 - Improper Check for Unusual or Exceptional Conditions| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent of Palo Alto Networks PAN-OS allow unauthenticated attackers to cause denial of service or execute arbitrary code, with Panorama unaffected and risk limited by internal IP restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Palo Alto Networks / PAN-OS
|
vers:unknown/* | ||
|
vers:unknown/*
Palo Alto Networks / Panorama
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Palo Alto Networks heeft meerdere kwetsbaarheden verholpen in PAN-OS software, specifiek in PA-Series en VM-Series firewalls, evenals Panorama management platforms.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen verschillende onderdelen van PAN-OS.\n- Er zijn meerdere cross-site scripting (XSS) kwetsbaarheden in de User-ID Authentication Portal, GlobalProtect gateway/portal en Clientless VPN modules, die ongeauthenticeerde aanvallers in staat stellen om willekeurige JavaScript-code uit te voeren.\n- Een IPv6-pakketverwerkingsfout maakt het mogelijk om firewall security policies te omzeilen, waardoor toegang tot normaal beschermde services mogelijk is.\n- Een informatielek laat een ongeauthenticeerde aanvaller met netwerktoegang tot de management webinterface toe om sessietokens te verkrijgen via een kwaadaardige link.\n- Daarnaast bestaat er een kwetsbaarheid waardoor ongeauthenticeerde aanvallers bestanden kunnen verwijderen uit een tijdelijke map via de management webinterface.\n- De Large Scale VPN (LSVPN) feature kent een authenticatie-omzeilingsfout, waarmee onbevoegden site-to-site VPN-verbindingen kunnen opzetten, en een XML-injectie die kan leiden tot ongeautoriseerde informatietoegang of datacorruptie.\n- Een server-side request forgery (SSRF) kwetsbaarheid maakt het mogelijk voor geauthenticeerde beheerders om ongeautoriseerde verzoeken naar interne services te sturen.\n- Verder is er een command injection kwetsbaarheid in de management plane die geauthenticeerde beheerders root-toegang tot het besturingssysteem kan geven.\n- Meerdere denial of service (DoS) kwetsbaarheden kunnen door ongeauthenticeerde aanvallers een firewall in onderhoudsmodus dwingen, wat de normale werking verstoort.\n- Tenslotte zijn er buffer overflow kwetsbaarheden in de User-ID Terminal Server Agent die DoS of remote code execution mogelijk maken.\n \nDe Cloud NGFW en Prisma Access producten zijn niet getroffen door deze kwetsbaarheden. Beperking van toegang tot de management interface tot vertrouwde interne IP-adressen vermindert het risico op exploitatie.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Palo Alto Networks heeft updates uitgebracht om de kwetsbaarheden in PAN-OS te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0279"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0280"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0281"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0282"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0283"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0284"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0285"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0286"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0287"
},
{
"category": "external",
"summary": "Reference",
"url": "https://security.paloaltonetworks.com/json/CVE-2026-0288"
}
],
"title": "Kwetsbaarheden verholpen in Palo Alto Networks PAN-OS",
"tracking": {
"current_release_date": "2026-07-13T08:27:56.212302Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0227",
"initial_release_date": "2026-07-13T08:27:56.212302Z",
"revision_history": [
{
"date": "2026-07-13T08:27:56.212302Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PAN-OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Panorama"
}
],
"category": "vendor",
"name": "Palo Alto Networks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-0279",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Multiple cross-site scripting vulnerabilities in Palo Alto Networks PAN-OS software\u0027s User-ID Authentication Portal, GlobalProtect gateway/portal, and Clientless VPN allow unauthenticated attackers to execute malicious JavaScript, affecting PA-Series, VM-Series firewalls, and Panorama but not Cloud NGFW.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0279 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0279.json"
}
],
"title": "CVE-2026-0279"
},
{
"cve": "CVE-2026-0280",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "description",
"text": "A vulnerability in Palo Alto Networks PAN-OS IPv6 packet processing allows unauthenticated attackers to bypass firewall security policies and access protected services, with Cloud NGFW and Panorama unaffected.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0280 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0280.json"
}
],
"title": "CVE-2026-0280"
},
{
"cve": "CVE-2026-0281",
"cwe": {
"id": "CWE-524",
"name": "Use of Cache Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Use of Cache Containing Sensitive Information",
"title": "CWE-524"
},
{
"category": "description",
"text": "An information disclosure vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to obtain web session tokens if a legitimate user clicks a malicious link, affecting PA-Series, VM-Series firewalls, and Panorama.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0281 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0281.json"
}
],
"title": "CVE-2026-0281"
},
{
"cve": "CVE-2026-0282",
"notes": [
{
"category": "description",
"text": "A file deletion vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to delete files from a temporary directory, affecting PA-Series, VM-Series firewalls, and Panorama.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0282 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0282.json"
}
],
"title": "CVE-2026-0282"
},
{
"cve": "CVE-2026-0283",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "An authentication bypass vulnerability in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS software enables attackers with network access to establish unauthorized site-to-site VPN connections, excluding Panorama, Cloud NGFW, and Prisma Access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0283.json"
}
],
"title": "CVE-2026-0283"
},
{
"cve": "CVE-2026-0284",
"notes": [
{
"category": "description",
"text": "An XML injection vulnerability in Palo Alto Networks PAN-OS Large Scale VPN feature allows unauthenticated network attackers to inject malicious XML, risking information disclosure or data corruption, while Panorama, Cloud NGFW, and Prisma Access remain unaffected.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0284 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0284.json"
}
],
"title": "CVE-2026-0284"
},
{
"cve": "CVE-2026-0285",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators with management web interface access to make unauthorized internal service requests, with risk mitigated by restricting management interface access to trusted IPs.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0285 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0285.json"
}
],
"title": "CVE-2026-0285"
},
{
"cve": "CVE-2026-0286",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "A command injection vulnerability in Palo Alto Networks PAN-OS management plane allows authenticated administrators to execute arbitrary root OS commands on PA-Series, VM-Series firewalls, and Panorama devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0286 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0286.json"
}
],
"title": "CVE-2026-0286"
},
{
"cve": "CVE-2026-0287",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "description",
"text": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS allow unauthenticated attackers with network access to cause a DoS condition and force the firewall into maintenance mode, with Panorama unaffected.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0287 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0287.json"
}
],
"title": "CVE-2026-0287"
},
{
"cve": "CVE-2026-0288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent of Palo Alto Networks PAN-OS allow unauthenticated attackers to cause denial of service or execute arbitrary code, with Panorama unaffected and risk limited by internal IP restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0288 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0288.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-0288"
}
]
}
CVE-2026-0279 (GCVE-0-2026-0279)
Vulnerability from cvelistv5 – Published: 2026-07-09 19:08 – Updated: 2026-07-09 19:23- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0279 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 (custom) Affected: 10.2.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:23:35.978278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:23:42.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\u003cbr\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended\u003c/span\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eCloud NGFW is not affected by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Multiple cross site scripting vulnerabilities in the User-ID\u2122 Authentication Portal (aka Captive Portal) service, GlobalProtect\u2122 gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS\u00ae software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.\n\n\nThe security risk posed by this issue is minimized when the management interface and access to the User-ID\u2122 Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW is not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 1.2,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 0.4,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the management interface is restricted."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:08:41.656Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0279"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16\u0026nbsp; or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003e\u0026nbsp;Upgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8\u00a0 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*\nUpgrade to 11.1.16\u00a0 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8 or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access 12.112.1.2 through 12.1.7-h*\u00a0Upgrade to 12.1.8 or later.*Prisma Access 11.211.2.0 through 11.2*Upgrade to 12.1.8 or later.*Prisma Access 10.210.2.0 through 10.2*Upgrade to 12.1.8 or later.*\n* See the note under Product Status for information regarding Prisma Access upgrades."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T20:30:00.000Z",
"value": "Updated the Unaffected version for Prisma Access."
},
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u0026nbsp;Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 * https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n * Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0279",
"datePublished": "2026-07-09T19:08:41.656Z",
"dateReserved": "2025-11-03T20:44:38.280Z",
"dateUpdated": "2026-07-09T19:23:42.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0280 (GCVE-0-2026-0280)
Vulnerability from cvelistv5 – Published: 2026-07-09 19:05 – Updated: 2026-07-09 19:23- CWE-131 - Incorrect Calculation of Buffer Size
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0280 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Panorama |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | Prisma Access |
Affected:
11.2.0 , < 11.2.7-h18
(custom)
Affected: 10.2.0 , < 10.2.10-h39 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:23:50.545835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:23:56.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.4-h8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
},
{
"at": "11.2.10-h11",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.4-h20",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.4-h35",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Panorama",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.7-h18",
"status": "unaffected"
}
],
"lessThan": "11.2.7-h18",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.10-h39",
"status": "unaffected"
}
],
"lessThan": "10.2.10-h39",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\u003cbr\u003e\u003cbr\u003eYou can verify IPv6 is enabled by checking:\u003cbr\u003e\u2003Network -\u0026gt; Interfaces -\u0026gt; [Interface with Layer3 type] -\u0026gt; IPv6 \u0026gt; Enable IPv6 on the interface"
}
],
"value": "This issue applies to PAN-OS firewalls with IPv6 enabled on one or more interfaces.\n\nYou can verify IPv6 is enabled by checking:\n\u2003Network -\u003e Interfaces -\u003e [Interface with Layer3 type] -\u003e IPv6 \u003e Enable IPv6 on the interface"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h11",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Curious of TRAPA Security"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\u003cbr\u003e\u003cbr\u003eCloud NGFW and Panorama are not impacted by this vulnerability."
}
],
"value": "An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\n\nCloud NGFW and Panorama are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.7,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:05:24.367Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0280"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.7-h*\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.11 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n \n 11.2.8 through 11.2.10-h*\n Upgrade to 11.2.10-h11 or 11.2.13 or later.\n \n \n 11.2.5 through 11.2.7-h*\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.14 through 11.1.15\n Upgrade to 11.1.16 or later.\n \n \n 11.1.11 through 11.1.13-h*\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\n \n \n 11.1.8 through 11.1.10-h*\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\n \n \n 11.1.7 through 11.1.7-h*\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\n \n \n 11.1.5 through 11.1.6-h*\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\n \n PAN-OS 10.2\n\n 10.2.17 through 10.2.18-h*\n Upgrade to 10.2.18-h8 or later.\n \n \n 10.2.14 through 10.2.16-h*\n Upgrade to 10.2.16-h9 or later.\n \n \n 10.2.11 through 10.2.13-h*\n Upgrade to 10.2.13-h23 or later.\n \n \n 10.2.8 through 10.2.10-h*\n Upgrade to 10.2.10-h39 or later.\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h36 or later.\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access 11.2\n11.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n\n* See the note under Product Status for information regarding Prisma Access upgrades."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "PAN-OS: IPv6 Firewall Policy Bypass",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\u003c/p\u003e\u2003set deviceconfig setting session tcp-reject-non-syn yes"
}
],
"value": "The only way to completely address this vulnerability is to upgrade to a fixed version. However, if operationally feasible for your environment, risk can be mitigated by enabling the default \"Non SYN TCP Reject\" setting via the following command:\u2003\n\n\u2003set deviceconfig setting session tcp-reject-non-syn yes"
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0280",
"datePublished": "2026-07-09T19:05:24.367Z",
"dateReserved": "2025-11-03T20:44:39.119Z",
"dateUpdated": "2026-07-09T19:23:56.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0281 (GCVE-0-2026-0281)
Vulnerability from cvelistv5 – Published: 2026-07-09 19:03 – Updated: 2026-07-09 19:24- CWE-524 - Use of Cache Containing Sensitive Information
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0281 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:24:10.424243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:24:18.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"value": "An information disclosure vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.7,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:03:44.381Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0281"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16, 11.2.13, 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.2 through 12.1.7-h*Upgrade to 12.1.8 or later.PAN-OS 11.211.2.0 through 11.2.12Upgrade to 11.2.13 or later.PAN-OS 11.111.1.0 through 11.1.15-h*Upgrade to 11.1.16 or later.PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16, 11.2.13, 12.1.8 or later.All older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication."
}
],
"title": "PAN-OS: Information Disclosure Vulnerability in Management Web Interface",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)"
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0281",
"datePublished": "2026-07-09T19:03:44.381Z",
"dateReserved": "2025-11-03T20:44:40.071Z",
"dateUpdated": "2026-07-09T19:24:18.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0282 (GCVE-0-2026-0282)
Vulnerability from cvelistv5 – Published: 2026-07-09 19:02 – Updated: 2026-07-09 19:24- CWE-20 - Improper Input Validation
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0282 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:24:34.179840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:24:40.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\u003cbr\u003e\u003cbr\u003eThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003cbr\u003e\u003cbr\u003eCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"value": "A file deletion vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.\n\nThe security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.2,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting management access to a jump box that is the only system allowed to access the management interface."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:02:26.722Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0282"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version Range\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.0 through 12.1.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.15-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version Range\nSuggested Solution\nCloud NGFW All\nNo action needed.\n PAN-OS 12.1\n\n 12.1.0 through 12.1.7-h*\n Upgrade to 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.0 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.0 through 11.1.15-h*\n Upgrade to 11.1.16 or later.\n PAN-OS 10.210.2.0 through 10.2*Upgrade to 11.1.16 or 11.2.13 or 12.1.8 or later.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: File Deletion Vulnerability in Management Web Interface",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003cbr\u003e\u003cbr\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls: * Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n * Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices"
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0282",
"datePublished": "2026-07-09T19:02:26.722Z",
"dateReserved": "2025-11-03T20:44:41.184Z",
"dateUpdated": "2026-07-09T19:24:40.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0283 (GCVE-0-2026-0283)
Vulnerability from cvelistv5 – Published: 2026-07-09 19:01 – Updated: 2026-07-09 19:25- CWE-306 - Missing Authentication for Critical Function
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0283 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:24:57.850143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:25:07.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.4-h8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
},
{
"at": "11.2.10-h12",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.4-h20",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.4-h35",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003c/p\u003eshow config running | match satellite\u003cp\u003eIf output is returned, LSVPN is in use.\u003c/p\u003e\u003cp\u003eYou can also verify in the web interface by navigating to\u0026nbsp;\u003cb\u003eNetwork\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003eGlobalProtect\u003c/b\u003e\u003cb\u003e \u0026gt; \u003c/b\u003e\u003cb\u003ePortals\u003c/b\u003e, selecting each portal, and checking whether the Satellite tab contains any\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\n\n\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\n\n\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\n\nYou can also verify in the web interface by navigating to\u00a0Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any\u00a0 configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h12",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vaibhav Nagar (internal reporter) and our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"value": "An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:01:34.210Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0283"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.7-h*\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.11 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n \n 11.2.8 through 11.2.10-h*\n Upgrade to 11.2.10-h12 or 11.2.13 or later.\n \n \n 11.2.5 through 11.2.7-h*\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.14 through 11.1.15\n Upgrade to 11.1.16 or later.\n \n \n 11.1.11 through 11.1.13-h*\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\n \n \n 11.1.8 through 11.1.10-h*\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\n \n \n 11.1.7 through 11.1.7-h*\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\n \n \n 11.1.5 through 11.1.6-h*\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\n \n PAN-OS 10.2\n\n 10.2.17 through 10.2.18-h*\n Upgrade to 10.2.18-h8 or later.\n \n \n 10.2.14 through 10.2.16-h*\n Upgrade to 10.2.16-h9 or later.\n \n \n 10.2.11 through 10.2.13-h*\n Upgrade to 10.2.13-h23 or later.\n \n \n 10.2.8 through 10.2.10-h*\n Upgrade to 10.2.10-h39 or later.\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h36 or later.\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access All\nNo action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability when enabling Threat ID 510032 (from Applications and Threats content version\u00a09122-10145 and later).\u00a0\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
}
],
"x_affectedList": [
"PAN-OS 12.1.7-h1",
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h7",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h10",
"PAN-OS 11.2.10-h9",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h17",
"PAN-OS 11.2.7-h16",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h18",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h8",
"PAN-OS 11.1.13-h7",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h28",
"PAN-OS 11.1.10-h27",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h34",
"PAN-OS 11.1.6-h33",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h34",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h7",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h8",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h22",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h37",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h35",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0283",
"datePublished": "2026-07-09T19:01:34.210Z",
"dateReserved": "2025-11-03T20:44:41.929Z",
"dateUpdated": "2026-07-09T19:25:07.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0284 (GCVE-0-2026-0284)
Vulnerability from cvelistv5 – Published: 2026-07-09 18:59 – Updated: 2026-07-09 19:25- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0284 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.4-h8
(custom)
Affected: 11.2.0 , < 11.2.4-h20 (custom) Affected: 11.1.0 , < 11.1.4-h35 (custom) Affected: 10.2.0 , < 10.2.7-h36 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:25:21.473868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:25:27.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.4-h8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.8",
"status": "unaffected"
}
],
"lessThan": "12.1.4-h8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.4-h20",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.10-h12",
"status": "unaffected"
},
{
"at": "11.2.13",
"status": "unaffected"
}
],
"lessThan": "11.2.4-h20",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.4-h35",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.16",
"status": "unaffected"
}
],
"lessThan": "11.1.4-h35",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.7-h36",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.18-h8",
"status": "unaffected"
}
],
"lessThan": "10.2.7-h36",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\u003cbr\u003e\u003cbr\u003eTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\u003cbr\u003e\u003ccode\u003eshow config running | match satellite\u003c/code\u003e\u003cbr\u003e\u003cbr\u003eIf output is returned, LSVPN is in use.\u003cbr\u003e\u003cp\u003eYou can also verify in the web interface by navigating to \u003cb\u003eNetwork \u0026gt; GlobalProtect \u0026gt; Portals\u003c/b\u003e, selecting each portal, and checking whether the \u003cb\u003eSatellite\u003c/b\u003e tab contains any \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations\"\u003econfigured satellites\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "This issue is applicable only to firewalls using Large Scale VPN (LSVPN) with configured satellites.\n\nTo check if your firewall has LSVPN satellites configured, run the following from the PAN-OS CLI:\nshow config running | match satellite\n\nIf output is returned, LSVPN is in use.\n\n\nYou can also verify in the web interface by navigating to Network \u003e GlobalProtect \u003e Portals, selecting each portal, and checking whether the Satellite tab contains any configured satellites https://docs.paloaltonetworks.com/ngfw/administration/large-scale-vpn-lsvpn/configure-the-globalprotect-portal-for-lsvpn/define-the-satellite-configurations ."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h12",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\u003cbr\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"value": "An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-250",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-250 XML Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:59:57.586Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0284"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nNo action needed.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access\nNo action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue.\u003cbr\u003e\u003cbr\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u0026nbsp;9122-10145 and later).\u003cbr\u003e\u003cp\u003eTo ensure the Threat ID provides effective protection against this vulnerability, ensure that \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003evulnerability protection security profile is applied to your GlobalProtect interface\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "No known workarounds exist for this issue.\n\nCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510031 (from Applications and Threats content version\u00a09122-10145 and later).\n\n\nTo ensure the Threat ID provides effective protection against this vulnerability, ensure that vulnerability protection security profile is applied to your GlobalProtect interface https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 ."
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_faq": [
{
"answer": "Limited coverage in Threat Prevention means that while known attack patterns can be identified using the current Threat ID, variations may exist that cannot currently be detected. If this CVE and Required Configuration for Exposure impact your environment, we recommend upgrading to an unaffected version.",
"question": "Why do Threat Prevention signatures provide limited coverage?"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0284",
"datePublished": "2026-07-09T18:59:57.586Z",
"dateReserved": "2025-11-03T20:44:42.748Z",
"dateUpdated": "2026-07-09T19:25:27.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0285 (GCVE-0-2026-0285)
Vulnerability from cvelistv5 – Published: 2026-07-09 18:58 – Updated: 2026-07-09 19:25- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0285 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:25:38.612302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:25:44.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.4-h8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
},
{
"at": "11.2.10-h11",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.4-h20",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.4-h35",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eDirectly; or\u003c/li\u003e\u003cli\u003eThrough a dataplane interface that includes a management interface profile.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The risk is greatest if you enabled access to the management interface from the internet or any untrusted network either:\n\n\n\n\n\n * Directly; or\n * Through a dataplane interface that includes a management interface profile.\n\n\n\n\n\n\nYou reduce the risk if you ensure that you allow only trusted internal IP addresses to access the management interface."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h11",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003eA server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003cspan\u003ebest practice deployment guidelines\u003c/span\u003e\u003c/a\u003e\u003cspan\u003e.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003ePanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services.\n\n\n\nThe security risk posed by this issue is minimized when the management interface is restricted to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\u00a0\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server-Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:58:14.563Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0285"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.7-h*\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.11 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n \n 11.2.8 through 11.2.10-h*\n Upgrade to 11.2.10-h11 or 11.2.13 or later.\n \n \n 11.2.5 through 11.2.7-h*\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.14 through 11.1.15\n Upgrade to 11.1.16 or later.\n \n \n 11.1.11 through 11.1.13-h*\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\n \n \n 11.1.8 through 11.1.10-h*\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\n \n \n 11.1.7 through 11.1.7-h*\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\n \n \n 11.1.5 through 11.1.6-h*\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\n \n PAN-OS 10.2\n\n 10.2.17 through 10.2.18-h*\n Upgrade to 10.2.18-h8 or later.\n \n \n 10.2.14 through 10.2.16-h*\n Upgrade to 10.2.16-h9 or later.\n \n \n 10.2.11 through 10.2.13-h*\n Upgrade to 10.2.13-h23 or later.\n \n \n 10.2.8 through 10.2.10-h*\n Upgrade to 10.2.10-h39 or later.\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h36 or later.\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\nNo action needed."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ebest practice deployment guidelines\u003c/a\u003e. Specifically, you should restrict management interface access to only trusted internal IP addresses.\u003c/p\u003e\u003cp\u003eReview information about how to secure management access to your Palo Alto Networks firewalls:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ePalo Alto Networks LIVEcommunity article\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"\u003ePalo Alto Networks official and detailed technical documentation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cul\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e\u0026nbsp;e.g., enabling management profile on a DP interface for management access\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management interface\u003c/a\u003e\u0026nbsp;so the firewall can inspect it.\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\n\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\n https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 * https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 Palo Alto Networks LIVEcommunity article https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 \n * Palo Alto Networks official and detailed technical documentation https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices \n\n\n\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510030 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba * https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba \u00a0e.g., enabling management profile on a DP interface for management access\n * Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\n * Decrypt inbound traffic to the management interface https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \u00a0so the firewall can inspect it.\n * Enable threat prevention on the inbound traffic to management services.\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0285",
"datePublished": "2026-07-09T18:58:14.563Z",
"dateReserved": "2025-11-03T20:44:43.620Z",
"dateUpdated": "2026-07-09T19:25:44.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0286 (GCVE-0-2026-0286)
Vulnerability from cvelistv5 – Published: 2026-07-09 18:56 – Updated: 2026-07-09 19:26- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0286 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.18-h8 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:25:55.330135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:26:01.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.4-h8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
},
{
"at": "11.2.10-h11",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.4-h20",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.4-h35",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.18-h8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h11",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Curious of TRAPA Security"
},
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\u003c/p\u003e\u003cp\u003eThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\u003c/p\u003e\u003cp\u003eThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\u003c/p\u003e\u003cp\u003eCloud NGFW and Prisma Access\u00ae are not impacted by this vulnerability.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to execute arbitrary OS commands as root.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\n\n\nCloud NGFW and Prisma Access\u00ae are not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:56:29.289Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0286"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW All\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.8 through 11.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h11 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.5 through 11.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.11 through 11.1.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.8 through 11.1.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.7 through 11.1.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.5 through 11.1.6\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.17 through 10.2.18\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.14 through 10.2.16\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.11 through 10.2.13\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.8 through 10.2.10\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7\u003cb\u003e-\u003c/b\u003eh*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access\u0026nbsp;\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.7-h*\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.11 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n \n 11.2.8 through 11.2.10-h*\n Upgrade to 11.2.10-h11 or 11.2.13 or later.\n \n \n 11.2.5 through 11.2.7-h*\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.14 through 11.1.15\n Upgrade to 11.1.16 or later.\n \n \n 11.1.11 through 11.1.13-h*\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\n \n \n 11.1.8 through 11.1.10-h*\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\n \n \n 11.1.7 through 11.1.7-h*\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\n \n \n 11.1.5 through 11.1.6-h*\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\n \n PAN-OS 10.2\n\n 10.2.17 through 10.2.18-h*\n Upgrade to 10.2.18-h8 or later.\n \n \n 10.2.14 through 10.2.16-h*\n Upgrade to 10.2.16-h9 or later.\n \n \n 10.2.11 through 10.2.13-h*\n Upgrade to 10.2.13-h23 or later.\n \n \n 10.2.8 through 10.2.10-h*\n Upgrade to 10.2.10-h39 or later.\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h36 or later.\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.Prisma Access\u00a0\n\nNo action needed."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "PAN-OS: Authenticated Command Injection in CLI",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba\"\u003eRoute incoming traffic for the MGT port through a DP port\u003c/a\u003e, e.g., enabling management profile on a DP interface for management access.\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c\"\u003eReplace the Certificate for Inbound Traffic Management\u003c/a\u003e.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2\"\u003eDecrypt inbound traffic to the management\u0026nbsp;interface\u0026nbsp;so the firewall can inspect it.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEnable threat prevention on the inbound traffic to management services.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003ePlease note that this Threat ID requires SSL Decryption.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Customers with a Threat Prevention subscription are provided with limited coverage against this vulnerability by enabling Threat ID 510036 (from Applications and Threats content version 9122-10145 and later). For these Threat IDs to protect against attacks for this vulnerability:\n\n\n\n\n\n * Route incoming traffic for the MGT port through a DP port https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id59206398-3dab-4b2f-9b4b-7ea500d036ba , e.g., enabling management profile on a DP interface for management access.\n * Replace the Certificate for Inbound Traffic Management https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#id112f7714-8995-4496-bbf9-781e63dec71c .\u00a0\n * Decrypt inbound traffic to the management\u00a0interface\u00a0so the firewall can inspect it. https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices#idbbd82587-17a2-42b4-9245-d3714e1e13a2 \n * Enable threat prevention on the inbound traffic to management services.\n\n\n\n\n\n\n\n\nPlease note that this Threat ID requires SSL Decryption."
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0286",
"datePublished": "2026-07-09T18:56:29.289Z",
"dateReserved": "2025-11-03T20:44:44.429Z",
"dateUpdated": "2026-07-09T19:26:01.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0287 (GCVE-0-2026-0287)
Vulnerability from cvelistv5 – Published: 2026-07-09 18:51 – Updated: 2026-07-09 19:26- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2026-0287 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Affected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.4-h8
(custom)
Affected: 11.2.0 , < 11.2.4-h20 (custom) Affected: 11.1.0 , < 11.1.4-h35 (custom) Affected: 10.2.0 , < 10.2.7-h36 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Affected:
11.2.0 , < 11.2.7-h18
(custom)
Affected: 10.2.0 , < 10.2.10-h39 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:26:14.381516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:26:20.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"AWS",
"Azure"
],
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.4-h8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.8",
"status": "unaffected"
}
],
"lessThan": "12.1.4-h8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.4-h20",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.10-h12",
"status": "unaffected"
},
{
"at": "11.2.13",
"status": "unaffected"
}
],
"lessThan": "11.2.4-h20",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.4-h35",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.16",
"status": "unaffected"
}
],
"lessThan": "11.1.4-h35",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.7-h36",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.18-h8",
"status": "unaffected"
}
],
"lessThan": "10.2.7-h36",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.7-h18",
"status": "unaffected"
}
],
"lessThan": "11.2.7-h18",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.10-h39",
"status": "unaffected"
}
],
"lessThan": "10.2.10-h39",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:AWS:*:*",
"versionStartIncluding": "all",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:cloud_ngfw:*:*:*:*:*:Azure:*:*",
"versionStartIncluding": "all",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h12",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "our internal security research teams"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\u003cbr\u003e\u003cbr\u003ePanorama is not impacted by these vulnerabilities."
}
],
"value": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.\n\nPanorama is not impacted by these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the dataplane interface is restricted."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:51:42.539Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0287"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version Range\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003c/td\u003e\u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003c/td\u003e\u003ctd\u003e11.2.11 through 11.2.12\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.8 through 11.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.5 through 11.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.14 through 11.1.15\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.11 through 11.1.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.8 through 11.1.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.7 through 11.1.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.5 through 11.1.6-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003c/td\u003e\u003ctd\u003e10.2.17 through 10.2.18-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.14 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.11 through 10.2.13-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.8 through 10.2.10-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 11.2\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePrisma Access 10.2\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
}
],
"value": "VersionMinor Version RangeSuggested SolutionCloud NGFW\nCustomers who prefer to upgrade can work with Palo Alto Networks support to schedule an on-demand software upgrade.PAN-OS 12.112.1.5 through 12.1.7-h*Upgrade to 12.1.7-h2 or 12.1.8 or later.\n12.1.2 through 12.1.4-h*Upgrade to 12.1.4-h8 or 12.1.8 or later.PAN-OS 11.211.2.11 through 11.2.12Upgrade to 11.2.13 or later.\n11.2.8 through 11.2.10-h*Upgrade to 11.2.10-h12 or 11.2.13 or later.\n11.2.5 through 11.2.7-h*Upgrade to 11.2.7-h18 or 11.2.13 or later.\n11.2.0 through 11.2.4-h*Upgrade to 11.2.4-h20 or 11.2.13 or later.PAN-OS 11.111.1.14 through 11.1.15Upgrade to 11.1.16 or later.\n11.1.11 through 11.1.13-h*Upgrade to 11.1.13-h9 or 11.1.16 or later.\n11.1.8 through 11.1.10-h*Upgrade to 11.1.10-h30 or 11.1.16 or later.\n11.1.7 through 11.1.7-h*Upgrade to 11.1.7-h8 or 11.1.16 or later.\n11.1.5 through 11.1.6-h*Upgrade to 11.1.6-h35 or 11.1.16 or later.\n11.1.0 through 11.1.4-h*Upgrade to 11.1.4-h35 or 11.1.16 or later.PAN-OS 10.210.2.17 through 10.2.18-h*Upgrade to 10.2.18-h8 or later.\n10.2.14 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n10.2.11 through 10.2.13-h*Upgrade to 10.2.13-h23 or later.\n10.2.8 through 10.2.10-h*Upgrade to 10.2.10-h39 or later.\n10.2.0 through 10.2.7-h*Upgrade to 10.2.7-h36 or later.All other older\nunsupported\nPAN-OS versions\nUpgrade to a supported fixed version.Prisma Access 11.211.2.0 through 11.2.7Upgrade to 11.2.7-h18 or later.*Prisma Access 10.210.2.0 through 10.2.10Upgrade to 10.2.10-h39 or later.*\n* See the note under Product Status for information regarding Cloud NGFW and Prisma Access upgrades."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"PAN-OS 12.1.7-h1",
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h7",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h10",
"PAN-OS 11.2.10-h9",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h17",
"PAN-OS 11.2.7-h16",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h18",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h8",
"PAN-OS 11.1.13-h7",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h28",
"PAN-OS 11.1.10-h27",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h34",
"PAN-OS 11.1.6-h33",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h34",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h7",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h8",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h22",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h37",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h35",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0287",
"datePublished": "2026-07-09T18:51:42.539Z",
"dateReserved": "2025-11-03T20:44:45.634Z",
"dateUpdated": "2026-07-09T19:26:20.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0288 (GCVE-0-2026-0288)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:14 – Updated: 2026-07-09 18:48- CWE-787 - Out-of-bounds Write
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Affected:
12.1.0 , < 12.1.8
(custom)
Affected: 11.2.0 , < 11.2.13 (custom) Affected: 11.1.0 , < 11.1.16 (custom) Affected: 10.2.0 , < 10.2.7-h36 (custom) cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Affected:
11.2.0 , < 11.2.7-h18
(custom)
Affected: 10.2.0 , < 10.2.10-h39 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T03:55:51.922548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:54:42.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"AWS",
"Azure"
],
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.8",
"status": "unaffected"
},
{
"at": "12.1.7-h2",
"status": "unaffected"
},
{
"at": "12.1.4-h8",
"status": "unaffected"
}
],
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.13",
"status": "unaffected"
},
{
"at": "11.2.10-h12",
"status": "unaffected"
},
{
"at": "11.2.7-h18",
"status": "unaffected"
},
{
"at": "11.2.4-h20",
"status": "unaffected"
}
],
"lessThan": "11.2.13",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.16",
"status": "unaffected"
},
{
"at": "11.1.13-h9",
"status": "unaffected"
},
{
"at": "11.1.10-h30",
"status": "unaffected"
},
{
"at": "11.1.7-h8",
"status": "unaffected"
},
{
"at": "11.1.6-h35",
"status": "unaffected"
},
{
"at": "11.1.4-h35",
"status": "unaffected"
}
],
"lessThan": "11.1.16",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.18-h8",
"status": "unaffected"
},
{
"at": "10.2.16-h9",
"status": "unaffected"
},
{
"at": "10.2.13-h23",
"status": "unaffected"
},
{
"at": "10.2.10-h39",
"status": "unaffected"
},
{
"at": "10.2.7-h36",
"status": "unaffected"
}
],
"lessThan": "10.2.7-h36",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.7-h18",
"status": "unaffected"
}
],
"lessThan": "11.2.7-h18",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.10-h39",
"status": "unaffected"
}
],
"lessThan": "10.2.10-h39",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003eThis issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan\u003eTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\u003c/span\u003e\u003cb\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents\"\u003e\u003cspan\u003eDevice \u0026gt; User Identification \u0026gt; Terminal Server Agents\u003c/span\u003e\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "This issue only affects PAN-OS devices with at least one Terminal Server Agent (TSA) entry configured\n\nTo check if a PAN-OS device has a Terminal Server Agent configured, navigate to:\n\n Device \u003e User Identification \u003e Terminal Server Agents https://docs.paloaltonetworks.com/ngfw/help/12-1/user-identification/device-user-identification-terminal-services-agents"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.7-h2",
"versionStartIncluding": "12.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.4-h8",
"versionStartIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.13",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.10-h12",
"versionStartIncluding": "11.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h20",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.16",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.13-h9",
"versionStartIncluding": "11.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.10-h30",
"versionStartIncluding": "11.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7-h8",
"versionStartIncluding": "11.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h35",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h35",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.18-h8",
"versionStartIncluding": "10.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.16-h9",
"versionStartIncluding": "10.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h23",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h36",
"versionStartIncluding": "10.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.7-h18",
"versionStartIncluding": "11.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h39",
"versionStartIncluding": "10.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Liang Zhu"
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003eThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003e best practice deployment guidelines\u003c/a\u003e.\u003cb\u003e\u003cbr\u003e\u003cbr\u003e\u003c/b\u003e\u003cspan\u003ePanorama is not impacted by this vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk is highest when you configure the User-ID Terminal Server Agent (TSA) IP and port access from the Internet or any untrusted network."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "You can reduce the risk of exploitation by restricting User-ID Terminal Server Agent (TSA) IP and port access to only trusted internal IP addresses and preventing its exposure to the internet."
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the User-ID Terminal Server Agent (TSA) IP and port is restricted."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:48:32.880Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"name": "https://security.paloaltonetworks.com/CVE-2026-PAN-323400",
"url": "https://security.paloaltonetworks.com/"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.5 through 12.1.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.7-h2 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e12.1.2 through 12.1.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 12.1.4-h8 or 12.1.8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.10-h12 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h20 or 11.2.13 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.15\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.13-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.13-h9 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.10-h30 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.7-h8 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.6-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h35 or 11.1.16 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.18-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.18-h8 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.16-h*\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.16-h9 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.13-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h23 or later.\u003cbr\u003e\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.10-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.\u003cbr\u003e\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7-h*\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h36 or later.\u003cbr\u003e\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePrisma Access 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.7\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.7-h18 or later.*\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePrisma Access 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h39 or later.*\u003cbr\u003e\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e* See the note under Product Status for information regarding Prisma Access upgrades."
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFWNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.7-h*\n Upgrade to 12.1.7-h2 or 12.1.8 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h8 or 12.1.8 or later.\n \n PAN-OS 11.2\n\n 11.2.0 through 11.2.12\n Upgrade to 11.2.13 or later.\n \n \n 11.2.0 through 11.2.10-h*\n Upgrade to 11.2.10-h12 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.7-h*\n Upgrade to 11.2.7-h18 or 11.2.13 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h20 or 11.2.13 or later.\n \n PAN-OS 11.1\n\n 11.1.0 through 11.1.15\n Upgrade to 11.1.16 or later.\n \n \n 11.1.0 through 11.1.13-h*\n Upgrade to 11.1.13-h9 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.10-h*\n Upgrade to 11.1.10-h30 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.7-h*\n Upgrade to 11.1.7-h8 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.6-h*\n Upgrade to 11.1.6-h35 or 11.1.16 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h35 or 11.1.16 or later.\n \n PAN-OS 10.2\n\n 10.2.0 through 10.2.18-h*\n Upgrade to 10.2.18-h8 or later.\n \u00a010.2.0 through 10.2.16-h*Upgrade to 10.2.16-h9 or later.\n \n 10.2.0 through 10.2.13-h*\n Upgrade to 10.2.13-h23 or later.\n\n \n \n 10.2.0 through 10.2.10-h*\n Upgrade to 10.2.10-h39 or later.\n\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h36 or later.\n\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\n Prisma Access 11.2\n\n 11.2.0 through 11.2.7\n Upgrade to 11.2.7-h18 or later.*\n \n Prisma Access 10.2\n\n 10.2.0 through 10.2.10\n Upgrade to 10.2.10-h39 or later.*\n\n \n* See the note under Product Status for information regarding Prisma Access upgrades."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-07-08T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only.\"\u003ebest practice deployment guidelines\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vast majority of firewalls already follow Palo Alto Networks\u0027 and industry best practices. However, if you have not already, we strongly recommend that you restrict your User-ID Terminal Server Agent connectivity to only trusted internal IP addresses according to our\u00a0 best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only."
}
],
"x_affectedList": [
"PAN-OS 12.1.7",
"PAN-OS 12.1.6",
"PAN-OS 12.1.5",
"PAN-OS 12.1.4-h6",
"PAN-OS 12.1.4-h5",
"PAN-OS 12.1.4-h3",
"PAN-OS 12.1.4-h2",
"PAN-OS 12.1.4",
"PAN-OS 12.1.3-h3",
"PAN-OS 12.1.3-h1",
"PAN-OS 12.1.3",
"PAN-OS 12.1.2",
"PAN-OS 11.2.12",
"PAN-OS 11.2.11",
"PAN-OS 11.2.10-h8",
"PAN-OS 11.2.10-h7",
"PAN-OS 11.2.10-h6",
"PAN-OS 11.2.10-h5",
"PAN-OS 11.2.10-h4",
"PAN-OS 11.2.10-h3",
"PAN-OS 11.2.10-h2",
"PAN-OS 11.2.10-h1",
"PAN-OS 11.2.10",
"PAN-OS 11.2.9",
"PAN-OS 11.2.8",
"PAN-OS 11.2.7-h15",
"PAN-OS 11.2.7-h14",
"PAN-OS 11.2.7-h13",
"PAN-OS 11.2.7-h12",
"PAN-OS 11.2.7-h11",
"PAN-OS 11.2.7-h10",
"PAN-OS 11.2.7-h8",
"PAN-OS 11.2.7-h7",
"PAN-OS 11.2.7-h4",
"PAN-OS 11.2.7-h3",
"PAN-OS 11.2.7-h2",
"PAN-OS 11.2.7-h1",
"PAN-OS 11.2.7",
"PAN-OS 11.2.6",
"PAN-OS 11.2.5",
"PAN-OS 11.2.4-h17",
"PAN-OS 11.2.4-h15",
"PAN-OS 11.2.4-h14",
"PAN-OS 11.2.4-h12",
"PAN-OS 11.2.4-h11",
"PAN-OS 11.2.4-h10",
"PAN-OS 11.2.4-h9",
"PAN-OS 11.2.4-h8",
"PAN-OS 11.2.4-h7",
"PAN-OS 11.2.4-h6",
"PAN-OS 11.2.4-h5",
"PAN-OS 11.2.4-h4",
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h2",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.15",
"PAN-OS 11.1.14",
"PAN-OS 11.1.13-h6",
"PAN-OS 11.1.13-h5",
"PAN-OS 11.1.13-h3",
"PAN-OS 11.1.13-h2",
"PAN-OS 11.1.13-h1",
"PAN-OS 11.1.13",
"PAN-OS 11.1.12",
"PAN-OS 11.1.11",
"PAN-OS 11.1.10-h26",
"PAN-OS 11.1.10-h25",
"PAN-OS 11.1.10-h21",
"PAN-OS 11.1.10-h12",
"PAN-OS 11.1.10-h10",
"PAN-OS 11.1.10-h9",
"PAN-OS 11.1.10-h7",
"PAN-OS 11.1.10-h5",
"PAN-OS 11.1.10-h4",
"PAN-OS 11.1.10-h1",
"PAN-OS 11.1.10",
"PAN-OS 11.1.9",
"PAN-OS 11.1.8",
"PAN-OS 11.1.6-h32",
"PAN-OS 11.1.6-h29",
"PAN-OS 11.1.6-h25",
"PAN-OS 11.1.6-h23",
"PAN-OS 11.1.6-h22",
"PAN-OS 11.1.6-h21",
"PAN-OS 11.1.6-h20",
"PAN-OS 11.1.6-h19",
"PAN-OS 11.1.6-h18",
"PAN-OS 11.1.6-h17",
"PAN-OS 11.1.6-h14",
"PAN-OS 11.1.6-h10",
"PAN-OS 11.1.6-h7",
"PAN-OS 11.1.6-h6",
"PAN-OS 11.1.6-h4",
"PAN-OS 11.1.6-h3",
"PAN-OS 11.1.6-h2",
"PAN-OS 11.1.6-h1",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h33",
"PAN-OS 11.1.4-h32",
"PAN-OS 11.1.4-h27",
"PAN-OS 11.1.4-h25",
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.18-h6",
"PAN-OS 10.2.18-h5",
"PAN-OS 10.2.18-h1",
"PAN-OS 10.2.18",
"PAN-OS 10.2.17",
"PAN-OS 10.2.16-h7",
"PAN-OS 10.2.16-h6",
"PAN-OS 10.2.16-h4",
"PAN-OS 10.2.16-h1",
"PAN-OS 10.2.16",
"PAN-OS 10.2.15",
"PAN-OS 10.2.14-h1",
"PAN-OS 10.2.14",
"PAN-OS 10.2.13-h21",
"PAN-OS 10.2.13-h18",
"PAN-OS 10.2.13-h16",
"PAN-OS 10.2.13-h15",
"PAN-OS 10.2.13-h10",
"PAN-OS 10.2.13-h7",
"PAN-OS 10.2.13-h5",
"PAN-OS 10.2.13-h4",
"PAN-OS 10.2.13-h3",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h6",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h13",
"PAN-OS 10.2.11-h12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h36",
"PAN-OS 10.2.10-h31",
"PAN-OS 10.2.10-h30",
"PAN-OS 10.2.10-h27",
"PAN-OS 10.2.10-h26",
"PAN-OS 10.2.10-h23",
"PAN-OS 10.2.10-h21",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h34",
"PAN-OS 10.2.7-h32",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2026-0288",
"datePublished": "2026-07-08T20:14:32.405Z",
"dateReserved": "2025-11-03T20:44:46.432Z",
"dateUpdated": "2026-07-09T18:48:32.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.