Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Network-reachable auth bypass with no privileges; scope changes because unauthorized VPN membership yields high confidentiality access to subsequent internal network systems.
Primary rating from Vendor (paloaltonetworks).
CVSS VectorVendor: paloaltonetworks
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
AnalysisAI
Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) the target PAN-OS device has the Large Scale VPN (LSVPN) feature configured and active - devices not running LSVPN are not exposed; (2) the attacker has network-level reachability to the LSVPN hub interface, typically the internet-facing or branch-facing interface of the firewall; (3) no valid credentials or pre-established PKI trust are required (PR:N, CWE-306 confirms missing authentication). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 4.5 is deceptively low for what is functionally an unauthenticated network bypass of a perimeter security control. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to the LSVPN hub interface on a PAN-OS device sends a crafted VPN peer initiation request that bypasses the missing authentication check. The attacker's system is accepted as a legitimate LSVPN spoke, joining the VPN overlay network. … |
| Remediation | The primary remediation is to apply the vendor-released patch once Palo Alto Networks publishes it via the advisory at https://security.paloaltonetworks.com/CVE-2026-0283 - no specific fixed PAN-OS version number was included in the available input data and one should not be assumed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x b
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of fil
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access t
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to exe
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with Glob
The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 a
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42678
GHSA-jmqp-7m5h-wrr8