Skip to main content

PAN-OS CVE-2026-0264

| EUVDEUVD-2026-30065 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-05-13 palo_alto GHSA-99hw-j87x-3cgm
7.2
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red

Primary rating from Vendor (palo_alto) · only source for this CVE.

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 08:47 vuln.today
Patch available
May 13, 2026 - 19:17 EUVD
CVSS changed
May 13, 2026 - 18:22 NVD
7.2 (HIGH)
CVE Published
May 13, 2026 - 17:40 nvd
HIGH 7.2

DescriptionCVE.org

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).

Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

AnalysisAI

Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.

Technical ContextAI

PAN-OS is the operating system underpinning Palo Alto Networks next-generation firewalls and runs DNS proxy/server services that intercept and forward DNS traffic for security inspection and policy enforcement. The vulnerability is classified as CWE-122 (heap-based buffer overflow), indicating that malformed DNS-formatted input is parsed into a heap-allocated buffer without proper bounds checking, allowing out-of-bounds writes that corrupt adjacent heap metadata or object pointers. On PA-Series hardware, the underlying memory layout and DNS daemon process privileges permit the corruption to be steered toward arbitrary code execution, whereas on virtual/cloud-based PAN-OS deployments (excluding Cloud NGFW and Prisma Access, which are explicitly unaffected) the same overflow is reachable but only demonstrably leads to service crash and DoS. CPE coverage references palo_alto_networks:pan-os, with Cloud NGFW and Prisma Access CPEs listed only to mark them as out of scope.

RemediationAI

Vendor-released patch: upgrade PAN-OS to the fixed train applicable to your branch - 10.2.18-h6 (or the listed hotfix for earlier 10.2.x maintenance trains), 11.1.15 (or the listed 11.1.x hotfixes), 11.2.12 (or the listed 11.2.x hotfixes), or 12.1.7 / 12.1.4-h5, per the Palo Alto advisory at https://security.paloaltonetworks.com/CVE-2026-0264. As a compensating control until patching, disable the DNS proxy and DNS Server features on affected PAN-OS devices via Network > DNS Proxy and the relevant security profile / Device > Setup > Services configuration - this eliminates the attack surface but breaks any internal DNS forwarding, DNS sinkhole, and DNS-based content inspection workflows that depend on those features. Where disabling is not viable, restrict inbound reachability to the firewall's DNS proxy/server interfaces using upstream ACLs so only trusted resolvers can deliver DNS traffic to those listeners, accepting that this still leaves the attack surface exposed to any compromised upstream resolver. Panorama, Cloud NGFW, and Prisma Access require no action. Cross-reference: https://nvd.nist.gov/vuln/detail/CVE-2026-0264 and https://vuldb.com/vuln/363661.

CVE-2026-0265 HIGH
7.2 May 13

Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication

CVE-2026-0263 HIGH
7.2 May 13

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IK

CVE-2026-0287 MEDIUM
6.6 Jul 09

Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall data

CVE-2026-0262 MEDIUM
6.6 May 13

Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or de

CVE-2026-0273 MEDIUM
6.1 Jun 10

Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrict

CVE-2026-0261 MEDIUM
6.1 May 13

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape s

CVE-2026-0272 MEDIUM
6.0 Jun 10

Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an

CVE-2026-0258 MEDIUM
4.8 May 13

Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attac

CVE-2026-0269 MEDIUM
4.6 Jun 10

Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the fi

CVE-2026-0256 MEDIUM
4.4 May 13

Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator t

CVE-2026-0266 LOW
1.1 Jun 10

Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a Jav

Share

CVE-2026-0264 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy