Skip to main content

Palo Alto PAN-OS CVE-2026-0287

| EUVDEUVD-2026-42672 MEDIUM
Improper Check for Unusual or Exceptional Conditions (CWE-754)
2026-07-09 psirt@paloaltonetworks.com GHSA-8r6w-7h78-4w2j
6.6
CVSS 4.0 · Vendor: paloaltonetworks
Share

Severity by source

Vendor (paloaltonetworks) PRIMARY
6.6 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
vuln.today AI
7.5 HIGH

Network-accessible, no auth required, no interaction; impact is solely high availability loss with no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (paloaltonetworks).

CVSS VectorVendor: paloaltonetworks

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 20:01 EUVD
Analysis Generated
Jul 09, 2026 - 19:47 vuln.today
CVE Published
Jul 09, 2026 - 19:17 cve.org
MEDIUM 6.6

DescriptionCVE.org

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Panorama is not impacted by these vulnerabilities.

AnalysisAI

Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify internet-exposed PAN-OS dataplane interface
Delivery
Craft malformed/exceptional network packets
Exploit
Send repeated traffic to dataplane
Execution
Trigger CWE-754 improper condition handling
Persist
Exhaust dataplane process
Impact
Firewall enters maintenance mode

Vulnerability AssessmentAI

Exploitation The attacker must have network-level reachability to a PAN-OS dataplane interface - either directly (internet-facing deployment) or from an adjacent network segment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.6 (Medium) reflects the limited impact scope - only availability is affected (VA:H), with no confidentiality or integrity impact on either the vulnerable or subsequent systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with network reachability to a PAN-OS dataplane interface crafts and sends specially structured network packets designed to trigger unhandled exceptional conditions in the dataplane processing pipeline. A single interaction may cause a service disruption; repeated delivery of such traffic forces the firewall into maintenance mode, taking the appliance fully offline and creating a network security gap that the attacker or a coordinated party can exploit for lateral movement.
Remediation The primary remediation is to apply the PAN-OS patch versions identified in the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0287. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-0265 HIGH
7.2 May 13

Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication

CVE-2026-0264 HIGH
7.2 May 13

Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated

CVE-2026-0263 HIGH
7.2 May 13

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IK

CVE-2026-0262 MEDIUM
6.6 May 13

Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or de

CVE-2026-0273 MEDIUM
6.1 Jun 10

Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrict

CVE-2026-0261 MEDIUM
6.1 May 13

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape s

CVE-2026-0272 MEDIUM
6.0 Jun 10

Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an

CVE-2026-0258 MEDIUM
4.8 May 13

Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attac

CVE-2026-0269 MEDIUM
4.6 Jun 10

Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the fi

CVE-2026-0256 MEDIUM
4.4 May 13

Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator t

CVE-2026-0266 LOW
1.1 Jun 10

Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a Jav

Share

CVE-2026-0287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy