Skip to main content
Regulatory Triage ICT Providers

Palo Alto Networks

Network & Security

Period: 7d 14d 30d 90d
5
Open CVEs
1
Exploited
1
KEV
2
Unpatched
2
No Workaround
2
Internet-facing

Why this provider is risky now

This provider has 5 open CVE(s) in the last 90 days. 1 listed in CISA KEV (known exploited). 2 have no vendor patch. 2 affect internet-facing services.

1 KEV 1 Exploited 2 Unpatched 1 Public PoC 2 No Workaround 2 Internet-facing

Top Risky CVEs

CVE-2026-0300
Act Now
Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices.
WITHIN 24 HOURS: (1) Identify all PA-Series and VM-Series firewalls in your environment running PAN-OS versions vulnerable to CVE-2026-0300-contact Palo Alto Networks for affected version list if not yet published; (2) restrict network access to the User-ID Captive Portal to trusted internal management networks only via firewall rules or air-gapping; (3) enable enhanced logging and alerting on portal authentication attempts. WITHIN 7 DAYS: (1) review CISA KEV advisories and Palo Alto Networks security bulletins for confirmed vulnerable versions; (2) test failover/backup appliances if portal restriction is not operationally feasible; (3) establish incident response procedures for potential compromise detection. WITHIN 30 DAYS: apply vendor-released patch immediately upon availability; if no patch window is available, escalate to executive risk review for extended mitigation acceptance or appliance replacement.
Edge exposure ICT dependency Active exploitation KEV PoC Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: rce
  • Third-party ICT: Palo Alto Networks
  • Exploited in the wild (CISA KEV)
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Palo Alto Networks (Network & Security)
  • Known exploited vulnerability (KEV)
9.3
CVSS
14.9%
EPSS
136
Priority
CVE-2026-0232
This Month
Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis.
ICT dependency Patched
Why flagged?
4.0
CVSS
0.0%
EPSS
20
Priority
CVE-2026-0233
Monitor
Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.
Edge exposure ICT dependency Patched
Why flagged?
2.0
CVSS
0.0%
EPSS
10
Priority
CVE-2026-0230
Monitor
Unpatched
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.
ICT dependency
Why flagged?
0.0%
EPSS
0
Priority
CVE-2026-0231
Monitor
Unpatched
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting.
ICT dependency
Why flagged?
0.0%
EPSS
0
Priority

By Exposure

Internet-facing
2
Mgmt / Admin Plane
0
Identity / Auth
0
Internal only
3

By Exploitability

Known exploited
1
Public PoC
1
High EPSS (>30%)
0
Remote unauthenticated
1
Local only
1

By Remediation

Patch available
3
No patch
2
Workaround available
1
No workaround
2

Affected Services / Product Families

Paloalto
5 CVE(s)
CVE-2026-0230 Unpatched
CVE-2026-0231 Unpatched
CVE-2026-0232 MEDIUM Patched
CVE-2026-0233 LOW Patched
CVE-2026-0300 CRITICAL KEV PoC Patched

Recommended Actions

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy