Skip to main content

PAN-OS EUVDEUVD-2026-42681

| CVE-2026-0280 LOW
Incorrect Calculation of Buffer Size (CWE-131)
2026-07-09 psirt@paloaltonetworks.com GHSA-g5c5-368c-hr8j
1.7
CVSS 4.0 · Vendor: paloaltonetworks

Severity by source

Vendor (paloaltonetworks) PRIMARY
1.7 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:M/U:Amber
vuln.today AI
5.4 MEDIUM

AT:P maps to AC:H; scope changes to subsequent systems (S:C) with low C/I impact; no direct firewall impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (paloaltonetworks).

CVSS VectorVendor: paloaltonetworks

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 20:01 EUVD
Analysis Generated
Jul 09, 2026 - 19:38 vuln.today

DescriptionCVE.org

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.

Cloud NGFW and Panorama are not impacted by this vulnerability.

AnalysisAI

Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attain IPv6 reachability to PAN-OS dataplane
Exploit
Craft malformed IPv6 packets triggering CWE-131
Execution
Bypass security policy rule evaluation
Impact
Reach protected downstream services

Vulnerability AssessmentAI

Exploitation Exploitation requires that the targeted PAN-OS firewall is processing IPv6 traffic - meaning IPv6 must be enabled and routable through the affected dataplane interface. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Despite being network-accessible with no required privileges or user interaction, the overall risk signal is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker on a network segment that can send IPv6 traffic to or through the PAN-OS firewall crafts IPv6 packets that trigger the buffer size miscalculation in the dataplane, causing the packets to be processed outside of normal security policy evaluation. The bypassed traffic reaches protected downstream services that the firewall's rules would otherwise block, potentially enabling lateral movement or access to internal resources. …
Remediation Consult the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0280 for the specific patched PAN-OS version, which was not included in the available intelligence data - no exact fix version can be cited without independent confirmation from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Pan Os

View all
CVE-2025-0108 HIGH POC
8.8 Feb 12

Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers

CVE-2016-4971 HIGH POC
8.8 Jun 30

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F

CVE-2016-9150 CRITICAL POC
9.8 Nov 19

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x b

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2025-0111 HIGH
7.1 Feb 12

Palo Alto Networks PAN-OS management interface contains an authenticated file read vulnerability allowing reading of fil

CVE-2024-0012 CRITICAL POC
9.3 Nov 18

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access t

CVE-2020-2038 HIGH POC
7.2 Sep 09

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to exe

CVE-2024-9474 MEDIUM POC
6.9 Nov 18

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to

CVE-2020-2036 HIGH POC
8.8 Sep 09

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity

CVE-2012-6601 CRITICAL
10.0 Aug 31

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x

CVE-2019-1579 HIGH POC
8.1 Jul 19

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with Glob

CVE-2017-8390 CRITICAL
9.8 Aug 02

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 a

Share

EUVD-2026-42681 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy