Skip to main content

PAN-OS EUVDEUVD-2026-42677

| CVE-2026-0284 MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-07-09 psirt@paloaltonetworks.com GHSA-9whw-75p3-6rp9
4.7
CVSS 4.0 · Vendor: paloaltonetworks
Share

Severity by source

Vendor (paloaltonetworks) PRIMARY
4.7 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
vuln.today AI
7.2 HIGH

Unauthenticated network access to LSVPN endpoint with scope change to satellite systems; limited C and I impact, no availability effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L

Primary rating from Vendor (paloaltonetworks).

CVSS VectorVendor: paloaltonetworks

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:L/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 20:01 EUVD
Analysis Generated
Jul 09, 2026 - 19:44 vuln.today
CVE Published
Jul 09, 2026 - 19:17 cve.org
MEDIUM 4.7

DescriptionCVE.org

An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data.

Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

AnalysisAI

XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify PAN-OS gateway with LSVPN enabled
Exploit
Send crafted XML payload to satellite-facing endpoint
Execution
Inject malicious XML past server-side validation
Impact
Extract or corrupt internal LSVPN satellite data

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target PAN-OS device has the Large Scale VPN (LSVPN) feature explicitly enabled and configured - LSVPN is not a default PAN-OS configuration and must be deliberately provisioned for hub-and-spoke VPN deployments. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.7 (Medium) captures the tension between a frictionless attack surface and limited direct impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with network access to a PAN-OS gateway's LSVPN interface crafts an HTTP or HTTPS request embedding malicious XML payload targeting the satellite registration or data-exchange endpoint. The injected XML elements manipulate the server-side document structure, enabling the attacker to extract internal satellite configuration records - such as network topology or credential data - or to introduce corrupt entries into the satellite registry that could propagate misconfiguration across the LSVPN fabric. …
Remediation Apply the PAN-OS patch identified in the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0284; no specific fix version was present in the available intelligence data and must be confirmed there before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Pan Os

View all
CVE-2025-0108 HIGH POC
8.8 Feb 12

Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers

CVE-2016-4971 HIGH POC
8.8 Jun 30

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F

CVE-2016-9150 CRITICAL POC
9.8 Nov 19

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x b

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2025-0111 HIGH
7.1 Feb 12

Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of fil

CVE-2024-0012 CRITICAL POC
9.3 Nov 18

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access t

CVE-2020-2038 HIGH POC
7.2 Sep 09

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to exe

CVE-2024-9474 MEDIUM POC
6.9 Nov 18

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to

CVE-2020-2036 HIGH POC
8.8 Sep 09

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity

CVE-2012-6601 CRITICAL
10.0 Aug 31

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x

CVE-2019-1579 HIGH POC
8.1 Jul 19

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with Glob

CVE-2017-8390 CRITICAL
9.8 Aug 02

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 a

Share

EUVD-2026-42677 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy