Skip to main content

Paloalto

363 CVEs vendor

Monthly

CVE-2026-0275 LOW PATCH Monitor

Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. No public exploit identified at time of analysis; the CVSS 4.0 base score of 2.0 reflects the substantial exploitation prerequisites that materially constrain real-world risk despite the full-system impact potential at root level.

Privilege Escalation Apple Paloalto Prisma Browser
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-0287 MEDIUM PATCH This Month

Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.

Denial Of Service Paloalto Cloud Ngfw Pan Os
NVD VulDB
CVSS 4.0
6.6
EPSS
0.5%
CVE-2026-0286 MEDIUM PATCH This Month

Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV.

Command Injection Paloalto Pan Os
NVD VulDB
CVSS 4.0
6.0
EPSS
1.1%
CVE-2026-0285 MEDIUM PATCH This Month

Server-side request forgery in Palo Alto Networks PAN-OS allows an authenticated administrator with access to the management web interface to weaponize the firewall as an unauthorized network relay, making requests to internal services on behalf of the attacker. Exploitation is constrained by the requirement for high-privilege administrator credentials (PR:H) and network reachability to the management interface, substantially limiting the realistic attacker population. No public exploit code or active exploitation has been identified; the vendor's own CVSS 4.0 supplemental metrics rate exploitation status as Unreported (E:U) and urgency as Amber.

SSRF Paloalto Pan Os
NVD VulDB
CVSS 4.0
4.7
EPSS
0.5%
CVE-2026-0276 LOW PATCH Monitor

Privilege escalation in Palo Alto Networks Cortex XDR Broker VM permits locally authenticated users to perform operations as the root user within the appliance. The vulnerability is constrained to the Broker VM itself - the CVSS 4.0 vector (SC:N/SI:N/SA:N) confirms no scope change to subsequent or adjacent systems, limiting the blast radius to the VM appliance. No public exploit exists (E:U) and no CISA KEV listing is present; the vendor-assigned CVSS 4.0 score of 1.1 reflects this low-urgency posture.

Privilege Escalation Paloalto Cortex Xdr Broker Vm
NVD VulDB
CVSS 4.0
1.1
EPSS
0.1%
CVE-2026-0284 MEDIUM PATCH This Month

XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 supplemental E:U metric signals exploitation as currently unlikely, though the zero-authentication, network-accessible attack surface demands prompt attention from operators running LSVPN hub deployments.

Information Disclosure Paloalto Pan Os
NVD VulDB
CVSS 4.0
4.7
EPSS
0.5%
CVE-2026-0283 MEDIUM PATCH This Month

Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. While the CVSS 4.0 base score is 4.5, the subsequent-system confidentiality impact is rated High (SC:H), reflecting that a successful bypass grants the attacker routing-level access into networks protected by the VPN - a materially greater risk than the headline score suggests. No public exploit code exists and no active exploitation has been confirmed (CISA KEV not listed, E:U).

Authentication Bypass Paloalto Pan Os
NVD VulDB
CVSS 4.0
4.5
EPSS
0.6%
CVE-2026-0282 LOW PATCH Monitor

Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation.

Information Disclosure Paloalto Pan Os
NVD VulDB
CVSS 4.0
2.7
EPSS
0.4%
CVE-2026-0281 LOW PATCH Monitor

Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.

Information Disclosure Paloalto Pan Os
NVD VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-0280 LOW PATCH Monitor

Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met.

Authentication Bypass Paloalto Pan Os
NVD VulDB
CVSS 4.0
1.7
EPSS
0.5%
CVE-2026-0279 LOW PATCH Monitor

Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines.

XSS Paloalto Pan Os
NVD VulDB
CVSS 4.0
1.3
EPSS
1.2%
CVE-2026-0288 HIGH PATCH This Week

Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.

Memory Corruption Paloalto Buffer Overflow Denial Of Service RCE +1
NVD VulDB
CVSS 4.0
7.2
EPSS
0.5%
CVE-2026-0273 MEDIUM PATCH This Month

Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrictions and execute arbitrary OS commands as root via the CLI or Web UI. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are explicitly excluded per the vendor advisory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.1 accurately reflects the significant mitigating factor of requiring high-privilege administrative access before exploitation is possible.

Command Injection Paloalto Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
6.1
EPSS
0.3%
CVE-2026-0272 MEDIUM PATCH This Month

Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an authenticated CLI administrator to perform operations at the root OS level, bypassing intended privilege boundaries through a missing authorization control (CWE-862). The risk is substantially gated by the requirement for existing administrative CLI access (CVSS PR:H), making insider threats and compromised admin credentials the primary real-world attack paths. No public exploits or confirmed active exploitation have been identified at time of analysis, and the vendor's own E:U supplemental metric reinforces the low exploitation urgency - though root-level OS access to a firewall represents a severe impact if the prerequisite is met.

Privilege Escalation Authentication Bypass Paloalto Cloud Ngfw Pan Os +1
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-0271 MEDIUM PATCH This Month

Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged user to execute arbitrary code with elevated privileges, achieving full confidentiality, integrity, and availability compromise of the affected system. The vulnerability is rooted in CWE-732 (Incorrect Permission Assignment for Critical Resource) and is strictly scoped to Linux deployments - the Windows, macOS, iOS, Android, and ChromeOS agent variants are confirmed unaffected by the vendor. No public exploit code has been identified at time of analysis, and the CVSS 4.0 supplemental metric E:U (Exploitation Unlikely) further tempers immediate mass-exploitation risk, though the complete local system impact warrants timely patching for multi-user Linux environments.

Microsoft Apple Paloalto Privilege Escalation Google +1
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0270 MEDIUM PATCH This Month

Path traversal in Palo Alto Networks Cortex XSOAR engine on Linux enables arbitrary file write to the host system by an unauthenticated adjacent-network attacker who can intercept and manipulate outbound network response traffic via MITM. The referenced NVD entry for CVE-2007-4559 - the canonical Python tarfile path traversal - strongly suggests XSOAR's content pack or update download pipeline uses Python's tarfile module without path sanitization, allowing a poisoned archive to escape the extraction directory. No public exploit code has been identified at time of analysis, and the CVSS 4.0 supplemental metrics classify exploitation as unreported (E:U), though the attack is rated automatable (AU:Y) once MITM positioning is achieved.

Path Traversal Paloalto Cortex Xsoar
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-0269 MEDIUM PATCH This Month

Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the firewall into unplanned reboots or maintenance mode via a crafted packet, constituting a denial-of-service against the firewall itself. The CVSS 4.0 vector (AV:A/PR:L/VA:H) confirms the impact is purely availability - no confidentiality or integrity loss - and exploitation requires both authenticated access and adjacency to the tunnel interface. No public exploit code exists and no active exploitation has been reported; the vendor-assigned threat metric (E:U) reinforces that real-world risk is presently low.

Buffer Overflow Paloalto Cloud Ngfw Pan Os Panorama +1
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-0267 MEDIUM PATCH This Month

GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or uninstalling the endpoint agent - to unprivileged local users. A local user who reads the exposed passcode can then bypass endpoint protection controls that are specifically designed to prevent such actions, effectively disabling Palo Alto's endpoint security enforcement on the affected machine. No public exploit exists at time of analysis, and CVSS 4.0 supplemental metrics classify exploitation likelihood as 'Unreported' (E:U), though the impact on security posture is significant given that the passcode mechanism is the primary access control preventing users from circumventing GlobalProtect.

Information Disclosure Apple Paloalto Globalprotect App Globalprotect Uwp App
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-0266 LOW PATCH Monitor

Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a JavaScript payload via the web management interface, enabling potential execution of that script in the browsers of other administrative users who view the affected interface element. Affected platforms include PA-Series and VM-Series physical and virtual firewalls as well as Panorama (both virtual appliances and M-Series hardware). The CVSS 4.0 base score of 1.1 reflects the extremely constrained exploitability: high-privilege access is a prerequisite and passive user interaction by a second victim is required. No public exploit identified at time of analysis.

XSS Paloalto Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-0243 MEDIUM PATCH This Month

Denial of service in Palo Alto Networks Prisma SD-WAN ION devices allows an unauthenticated attacker with adjacent network access to crash or disrupt the device by sending a specially crafted IPv6 packet. The vulnerability (CWE-606) exists across three active release branches of the ION software, with fixed versions available from Palo Alto Networks. No public exploit code exists and no active exploitation has been identified at time of analysis, with EPSS at 0.03% and SSVC confirming exploitation status as none.

Denial Of Service Paloalto Prisma Sd Wan Ion
NVD
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-0244 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks Prisma SD-WAN ION allows an adjacent-network attacker positioned as a man-in-the-middle to impersonate the SD-WAN controller, achieving high confidentiality, integrity, and availability impact against the vulnerable device. Affected versions span three active release trains (6.3.x, 6.4.x, and 6.5.x), with fixed builds now available from Palo Alto Networks. No public exploit identified at time of analysis, and EPSS sits at 0.00%, but SSVC rates technical impact as total given the controller-impersonation capability.

Paloalto Information Disclosure Prisma Sd Wan Ion
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-0246 MEDIUM PATCH This Month

Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.

Google RCE Apple Paloalto Microsoft +2
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0249 MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.

Apple Paloalto Microsoft Authentication Bypass Globalprotect App
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-0250 MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple Buffer Overflow Paloalto +2
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-0238 LOW PATCH Monitor

Content injection in Palo Alto Networks Broker VM 30.0 (versions prior to 30.0.24) allows an authenticated administrator with local access to inject arbitrary content into certain administrative fields within the appliance. The vulnerability carries a CVSS 4.0 score of 1.1, reflecting its highly constrained exploitation prerequisites: local access, low-privilege authentication, and limited integrity impact with no confidentiality or availability consequences. No public exploit identified at time of analysis, and SSVC assessment confirms no observed exploitation, making this a low-urgency finding for most organizations.

Paloalto Code Injection Broker Vm
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-0251 MEDIUM PATCH This Month

Local privilege escalation vulnerabilities in Palo Alto Networks GlobalProtect App on Windows, macOS, and Linux allow a low-privileged local user to elevate to NT AUTHORITY\SYSTEM (Windows) or root (macOS/Linux), enabling full OS-level command execution. The root cause is CWE-426 (Untrusted Search Path), where the application resolves executables or libraries from attacker-controllable locations. No public exploit has been identified and CISA SSVC confirms exploitation status as none; however, SSVC rates technical impact as total, reflecting the complete privilege gain achievable upon successful exploitation.

Privilege Escalation Google Apple Microsoft Paloalto +2
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-0256 MEDIUM PATCH This Month

Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator to inject persistent JavaScript payloads that execute in the browsers of other users who view the affected pages. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series) running PAN-OS 10.2.x, 11.1.x, 11.2.x, and 12.1.x branches. No active exploitation is confirmed - EPSS stands at 0.04% (13th percentile), SSVC exploitation status is 'none', and no public exploit code has been identified at time of analysis. Vendor-released patches are available for all affected branches.

Paloalto XSS Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-0257 HIGH POC KEV PATCH THREAT Act Now

Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed.

Paloalto Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
7.8
EPSS
0.1%
Threat
4.6
CVE-2026-0235 MEDIUM PATCH This Month

Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access and data control policies via a race condition, potentially exposing restricted data with high confidentiality impact to the vulnerable system. Affected versions span all releases prior to 146.16.6.165, per EUVD-2026-30087 and vendor advisory. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.01% (3rd percentile), and SSVC assessment categorizes exploitation status as none - indicating this is a low-urgency but architecturally meaningful trust boundary weakness in an enterprise browser control product.

Paloalto Authentication Bypass Prisma Browser
NVD VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-0258 MEDIUM PATCH This Month

Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.

Denial Of Service Paloalto SSRF Cloud Ngfw Pan Os +1
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-0259 MEDIUM PATCH This Month

Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.

Paloalto Information Disclosure Wildfire Wf 500 And Wf 500 B
NVD VulDB
CVSS 4.0
5.0
EPSS
0.1%
CVE-2026-0261 MEDIUM PATCH This Month

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile).

Paloalto Command Injection Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
6.1
EPSS
0.1%
CVE-2026-0236 HIGH PATCH This Week

Local code injection in Palo Alto Networks Prisma Browser on macOS lets an authenticated non-admin user abuse an exposed AppleScript/Apple Event handler to send unauthorized commands to the browser, with high impact on confidentiality and integrity. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but SSVC rates the technical impact as total once the local foothold exists. Affects all Prisma Browser releases prior to 146.16.6.165 on macOS.

Apple Paloalto Code Injection RCE Prisma Browser
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-0262 MEDIUM PATCH This Month

Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.

Denial Of Service Paloalto Cloud Ngfw Pan Os Prisma Access
NVD VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2026-0237 HIGH PATCH This Week

Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.

Apple Paloalto Authentication Bypass Prisma Browser
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-0263 HIGH PATCH NEWS This Week

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.

Memory Corruption RCE Buffer Overflow Denial Of Service Paloalto +3
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-0264 HIGH PATCH NEWS This Week

Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.

Heap Overflow RCE Buffer Overflow Denial Of Service Paloalto +3
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-0265 HIGH PATCH NEWS This Week

Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.

Paloalto Authentication Bypass Jwt Attack Cloud Ngfw Pan Os +1
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-0300 CRITICAL POC KEV PATCH THREAT CISA NEWS Act Now

Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices.

Paloalto Memory Corruption Buffer Overflow RCE
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
14.9%
Threat
5.3
CVE-2026-0232 MEDIUM PATCH This Month

Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis.

Paloalto Information Disclosure Microsoft Cortex Xdr Agent
NVD VulDB
CVSS 4.0
4.0
EPSS
0.0%
CVE-2026-0233 LOW PATCH NEWS Monitor

Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.

Paloalto RCE Microsoft Autonomous Digital Experience Manager
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0231 Monitor

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting.

Paloalto Information Disclosure
NVD VulDB
EPSS
0.0%
CVE-2026-0230 Monitor

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.

Paloalto macOS
NVD VulDB
EPSS
0.0%
CVE-2026-0229 Monitor

A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet.

Paloalto DNS
NVD
EPSS
0.0%
CVE-2026-0228 CERT-EU Monitor

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Paloalto Windows
NVD
EPSS
0.0%
CVE-2026-0227 HIGH CERT-EU This Week

Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network.

Paloalto Denial Of Service Pan Os Prisma Access
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-20373 LOW Monitor

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts“. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-4618 MEDIUM Monitor

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
4.4
EPSS
0.0%
CVE-2025-4617 LOW Monitor

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-4616 LOW Monitor

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-4619 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft Windows
NVD
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-4615 MEDIUM This Month

Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.

Paloalto RCE Authentication Bypass Command Injection Pan Os
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-4235 HIGH This Month

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-4234 LOW Monitor

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure
NVD
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-2184 MEDIUM This Month

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2183 MEDIUM This Month

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2182 MEDIUM This Month

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-2181 MEDIUM This Month

A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-2180 MEDIUM This Month

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto RCE Deserialization Hashicorp
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-0141 HIGH PATCH This Week

CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non administrative user. High severity vulnerability requiring prompt remediation.

Microsoft Google Paloalto Apple Privilege Escalation +4
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-0140 MEDIUM PATCH This Month

CVE-2025-0140 is a security vulnerability (CVSS 6.8) that allows a locally authenticated non administrative user. Remediation should follow standard vulnerability management procedures.

Microsoft Google Paloalto Information Disclosure Apple +4
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-0139 MEDIUM PATCH This Month

CVE-2025-0139 is a security vulnerability (CVSS 6.3) that allows a locally authenticated low privileged user. Remediation should follow standard vulnerability management procedures.

Paloalto Apple Privilege Escalation macOS
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-4229 MEDIUM PATCH This Month

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Paloalto Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-4227 LOW PATCH Monitor

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Paloalto Code Injection
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-4232 HIGH PATCH This Week

CVE-2025-4232 is an improper neutralization of wildcards vulnerability in Palo Alto Networks GlobalProtect app for macOS that allows non-administrative users to escalate privileges to root through the log collection feature. With a CVSS score of 8.8 and requiring only low complexity remote network access with low privileges, this vulnerability presents a critical privilege escalation risk. The attack requires user interaction only at the network level (not UI) and affects the confidentiality, integrity, and availability of affected systems.

Paloalto Globalprotect macOS Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4231 HIGH PATCH This Week

Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.

Paloalto Command Injection Privilege Escalation Pan Os
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-4230 HIGH PATCH This Week

Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.

Paloalto Command Injection RCE Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-4228 MEDIUM PATCH This Month

CVE-2025-4228 is a security vulnerability (CVSS 4.6) that allows an authenticated administrative user. Remediation should follow standard vulnerability management procedures.

Paloalto Privilege Escalation
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-4233 MEDIUM PATCH This Month

CVE-2025-4233 is a security vulnerability (CVSS 5.1) that allows users. Remediation should follow standard vulnerability management procedures.

Paloalto Authentication Bypass
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-0138 LOW Monitor

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto
NVD
CVSS 4.0
2.0
EPSS
0.3%
CVE-2025-0137 MEDIUM This Month

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2025-0136 MEDIUM This Month

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0135 MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto Google Microsoft +5
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-0134 MEDIUM This Month

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Paloalto
NVD
CVSS 4.0
6.5
EPSS
0.4%
CVE-2025-0133 LOW POC Monitor

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS
NVD
CVSS 4.0
2.7
EPSS
3.5%
CVE-2025-0132 MEDIUM This Month

A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-0131 HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation Windows
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-0130 HIGH This Week

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Paloalto
NVD VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2025-0129 CRITICAL This Week

An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-0123 MEDIUM This Month

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
5.9
EPSS
0.2%
CVE-2025-0119 MEDIUM This Month

A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Paloalto
NVD
CVSS 4.0
6.3
EPSS
0.5%
CVE-2025-0128 HIGH This Week

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-0127 HIGH This Week

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Paloalto
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-0126 HIGH This Week

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Paloalto
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2025-0125 MEDIUM This Month

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-0124 MEDIUM This Month

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2025-0122 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-0121 MEDIUM This Month

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Paloalto Denial Of Service Windows
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2025-0120 HIGH This Week

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation Globalprotect Windows
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-0118 MEDIUM This Month

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Paloalto Globalprotect Windows
NVD
CVSS 4.0
6.0
EPSS
0.3%
EPSS 0% CVSS 2.0
LOW PATCH Monitor

Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. No public exploit identified at time of analysis; the CVSS 4.0 base score of 2.0 reflects the substantial exploitation prerequisites that materially constrain real-world risk despite the full-system impact potential at root level.

Privilege Escalation Apple Paloalto +1
NVD
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.

Denial Of Service Paloalto Cloud Ngfw +1
NVD VulDB
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV.

Command Injection Paloalto Pan Os
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Server-side request forgery in Palo Alto Networks PAN-OS allows an authenticated administrator with access to the management web interface to weaponize the firewall as an unauthorized network relay, making requests to internal services on behalf of the attacker. Exploitation is constrained by the requirement for high-privilege administrator credentials (PR:H) and network reachability to the management interface, substantially limiting the realistic attacker population. No public exploit code or active exploitation has been identified; the vendor's own CVSS 4.0 supplemental metrics rate exploitation status as Unreported (E:U) and urgency as Amber.

SSRF Paloalto Pan Os
NVD VulDB
EPSS 0% CVSS 1.1
LOW PATCH Monitor

Privilege escalation in Palo Alto Networks Cortex XDR Broker VM permits locally authenticated users to perform operations as the root user within the appliance. The vulnerability is constrained to the Broker VM itself - the CVSS 4.0 vector (SC:N/SI:N/SA:N) confirms no scope change to subsequent or adjacent systems, limiting the blast radius to the VM appliance. No public exploit exists (E:U) and no CISA KEV listing is present; the vendor-assigned CVSS 4.0 score of 1.1 reflects this low-urgency posture.

Privilege Escalation Paloalto Cortex Xdr Broker Vm
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 supplemental E:U metric signals exploitation as currently unlikely, though the zero-authentication, network-accessible attack surface demands prompt attention from operators running LSVPN hub deployments.

Information Disclosure Paloalto Pan Os
NVD VulDB
EPSS 1% CVSS 4.5
MEDIUM PATCH This Month

Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. While the CVSS 4.0 base score is 4.5, the subsequent-system confidentiality impact is rated High (SC:H), reflecting that a successful bypass grants the attacker routing-level access into networks protected by the VPN - a materially greater risk than the headline score suggests. No public exploit code exists and no active exploitation has been confirmed (CISA KEV not listed, E:U).

Authentication Bypass Paloalto Pan Os
NVD VulDB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation.

Information Disclosure Paloalto Pan Os
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.

Information Disclosure Paloalto Pan Os
NVD VulDB
EPSS 0% CVSS 1.7
LOW PATCH Monitor

Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met.

Authentication Bypass Paloalto Pan Os
NVD VulDB
EPSS 1% CVSS 1.3
LOW PATCH Monitor

Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines.

XSS Paloalto Pan Os
NVD VulDB
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.

Memory Corruption Paloalto Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrictions and execute arbitrary OS commands as root via the CLI or Web UI. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are explicitly excluded per the vendor advisory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.1 accurately reflects the significant mitigating factor of requiring high-privilege administrative access before exploitation is possible.

Command Injection Paloalto Cloud Ngfw +2
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an authenticated CLI administrator to perform operations at the root OS level, bypassing intended privilege boundaries through a missing authorization control (CWE-862). The risk is substantially gated by the requirement for existing administrative CLI access (CVSS PR:H), making insider threats and compromised admin credentials the primary real-world attack paths. No public exploits or confirmed active exploitation have been identified at time of analysis, and the vendor's own E:U supplemental metric reinforces the low exploitation urgency - though root-level OS access to a firewall represents a severe impact if the prerequisite is met.

Privilege Escalation Authentication Bypass Paloalto +3
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged user to execute arbitrary code with elevated privileges, achieving full confidentiality, integrity, and availability compromise of the affected system. The vulnerability is rooted in CWE-732 (Incorrect Permission Assignment for Critical Resource) and is strictly scoped to Linux deployments - the Windows, macOS, iOS, Android, and ChromeOS agent variants are confirmed unaffected by the vendor. No public exploit code has been identified at time of analysis, and the CVSS 4.0 supplemental metric E:U (Exploitation Unlikely) further tempers immediate mass-exploitation risk, though the complete local system impact warrants timely patching for multi-user Linux environments.

Microsoft Apple Paloalto +3
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Path traversal in Palo Alto Networks Cortex XSOAR engine on Linux enables arbitrary file write to the host system by an unauthenticated adjacent-network attacker who can intercept and manipulate outbound network response traffic via MITM. The referenced NVD entry for CVE-2007-4559 - the canonical Python tarfile path traversal - strongly suggests XSOAR's content pack or update download pipeline uses Python's tarfile module without path sanitization, allowing a poisoned archive to escape the extraction directory. No public exploit code has been identified at time of analysis, and the CVSS 4.0 supplemental metrics classify exploitation as unreported (E:U), though the attack is rated automatable (AU:Y) once MITM positioning is achieved.

Path Traversal Paloalto Cortex Xsoar
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the firewall into unplanned reboots or maintenance mode via a crafted packet, constituting a denial-of-service against the firewall itself. The CVSS 4.0 vector (AV:A/PR:L/VA:H) confirms the impact is purely availability - no confidentiality or integrity loss - and exploitation requires both authenticated access and adjacency to the tunnel interface. No public exploit code exists and no active exploitation has been reported; the vendor-assigned threat metric (E:U) reinforces that real-world risk is presently low.

Buffer Overflow Paloalto Cloud Ngfw +3
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or uninstalling the endpoint agent - to unprivileged local users. A local user who reads the exposed passcode can then bypass endpoint protection controls that are specifically designed to prevent such actions, effectively disabling Palo Alto's endpoint security enforcement on the affected machine. No public exploit exists at time of analysis, and CVSS 4.0 supplemental metrics classify exploitation likelihood as 'Unreported' (E:U), though the impact on security posture is significant given that the passcode mechanism is the primary access control preventing users from circumventing GlobalProtect.

Information Disclosure Apple Paloalto +2
NVD VulDB
EPSS 0% CVSS 1.1
LOW PATCH Monitor

Stored cross-site scripting in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to persist a JavaScript payload via the web management interface, enabling potential execution of that script in the browsers of other administrative users who view the affected interface element. Affected platforms include PA-Series and VM-Series physical and virtual firewalls as well as Panorama (both virtual appliances and M-Series hardware). The CVSS 4.0 base score of 1.1 reflects the extremely constrained exploitability: high-privilege access is a prerequisite and passive user interaction by a second victim is required. No public exploit identified at time of analysis.

XSS Paloalto Cloud Ngfw +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Denial of service in Palo Alto Networks Prisma SD-WAN ION devices allows an unauthenticated attacker with adjacent network access to crash or disrupt the device by sending a specially crafted IPv6 packet. The vulnerability (CWE-606) exists across three active release branches of the ION software, with fixed versions available from Palo Alto Networks. No public exploit code exists and no active exploitation has been identified at time of analysis, with EPSS at 0.03% and SSVC confirming exploitation status as none.

Denial Of Service Paloalto Prisma Sd Wan Ion
NVD
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks Prisma SD-WAN ION allows an adjacent-network attacker positioned as a man-in-the-middle to impersonate the SD-WAN controller, achieving high confidentiality, integrity, and availability impact against the vulnerable device. Affected versions span three active release trains (6.3.x, 6.4.x, and 6.5.x), with fixed builds now available from Palo Alto Networks. No public exploit identified at time of analysis, and EPSS sits at 0.00%, but SSVC rates technical impact as total given the controller-impersonation capability.

Paloalto Information Disclosure Prisma Sd Wan Ion
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.

Google RCE Apple +4
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.

Apple Paloalto Microsoft +2
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple +4
NVD VulDB
EPSS 0% CVSS 1.1
LOW PATCH Monitor

Content injection in Palo Alto Networks Broker VM 30.0 (versions prior to 30.0.24) allows an authenticated administrator with local access to inject arbitrary content into certain administrative fields within the appliance. The vulnerability carries a CVSS 4.0 score of 1.1, reflecting its highly constrained exploitation prerequisites: local access, low-privilege authentication, and limited integrity impact with no confidentiality or availability consequences. No public exploit identified at time of analysis, and SSVC assessment confirms no observed exploitation, making this a low-urgency finding for most organizations.

Paloalto Code Injection Broker Vm
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Local privilege escalation vulnerabilities in Palo Alto Networks GlobalProtect App on Windows, macOS, and Linux allow a low-privileged local user to elevate to NT AUTHORITY\SYSTEM (Windows) or root (macOS/Linux), enabling full OS-level command execution. The root cause is CWE-426 (Untrusted Search Path), where the application resolves executables or libraries from attacker-controllable locations. No public exploit has been identified and CISA SSVC confirms exploitation status as none; however, SSVC rates technical impact as total, reflecting the complete privilege gain achievable upon successful exploitation.

Privilege Escalation Google Apple +4
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Stored cross-site scripting in Palo Alto Networks PAN-OS® web interface allows a malicious authenticated administrator to inject persistent JavaScript payloads that execute in the browsers of other users who view the affected pages. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series) running PAN-OS 10.2.x, 11.1.x, 11.2.x, and 12.1.x branches. No active exploitation is confirmed - EPSS stands at 0.04% (13th percentile), SSVC exploitation status is 'none', and no public exploit code has been identified at time of analysis. Vendor-released patches are available for all affected branches.

Paloalto XSS Cloud Ngfw +2
NVD VulDB
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed.

Paloalto Authentication Bypass
NVD VulDB GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access and data control policies via a race condition, potentially exposing restricted data with high confidentiality impact to the vulnerable system. Affected versions span all releases prior to 146.16.6.165, per EUVD-2026-30087 and vendor advisory. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.01% (3rd percentile), and SSVC assessment categorizes exploitation status as none - indicating this is a low-urgency but architecturally meaningful trust boundary weakness in an enterprise browser control product.

Paloalto Authentication Bypass Prisma Browser
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.

Denial Of Service Paloalto SSRF +3
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.

Paloalto Information Disclosure Wildfire Wf 500 And Wf 500 B
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile).

Paloalto Command Injection Cloud Ngfw +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local code injection in Palo Alto Networks Prisma Browser on macOS lets an authenticated non-admin user abuse an exposed AppleScript/Apple Event handler to send unauthorized commands to the browser, with high impact on confidentiality and integrity. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but SSVC rates the technical impact as total once the local foothold exists. Affects all Prisma Browser releases prior to 146.16.6.165 on macOS.

Apple Paloalto Code Injection +2
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.

Denial Of Service Paloalto Cloud Ngfw +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.

Apple Paloalto Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.

Memory Corruption RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.

Heap Overflow RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.

Paloalto Authentication Bypass Jwt Attack +3
NVD VulDB
EPSS 15% 5.3 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices.

Paloalto Memory Corruption Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis.

Paloalto Information Disclosure Microsoft +1
NVD VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.

Paloalto RCE Microsoft +1
NVD VulDB
EPSS 0%
Monitor

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting.

Paloalto Information Disclosure
NVD VulDB
EPSS 0%
Monitor

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.

Paloalto macOS
NVD VulDB
EPSS 0%
Monitor

A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet.

Paloalto DNS
NVD
EPSS 0%
Monitor

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Paloalto Windows
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network.

Paloalto Denial Of Service Pan Os +1
NVD
EPSS 0% CVSS 2.7
LOW Monitor

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts“. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 1.1
LOW Monitor

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 1.1
LOW Monitor

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper input neutralization in Palo Alto Networks PAN-OS management web interface allows authenticated high-privilege administrators to bypass system restrictions and execute arbitrary commands through command injection. The vulnerability affects PAN-OS across multiple versions (specific version ranges not independently confirmed from provided data), with a low EPSS exploitation probability (0.06%, 17th percentile) and no confirmed active exploitation or public proof-of-concept. Risk is significantly reduced when CLI access is restricted to a limited administrator group; Cloud NGFW and Prisma Access are unaffected.

Paloalto RCE Authentication Bypass +2
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Month

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto RCE Deserialization +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

CVE-2025-0141 is a security vulnerability (CVSS 8.4) that allows a locally authenticated non administrative user. High severity vulnerability requiring prompt remediation.

Microsoft Google Paloalto +6
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

CVE-2025-0140 is a security vulnerability (CVSS 6.8) that allows a locally authenticated non administrative user. Remediation should follow standard vulnerability management procedures.

Microsoft Google Paloalto +6
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

CVE-2025-0139 is a security vulnerability (CVSS 6.3) that allows a locally authenticated low privileged user. Remediation should follow standard vulnerability management procedures.

Paloalto Apple Privilege Escalation +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Paloalto Information Disclosure
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.

Paloalto Code Injection
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-4232 is an improper neutralization of wildcards vulnerability in Palo Alto Networks GlobalProtect app for macOS that allows non-administrative users to escalate privileges to root through the log collection feature. With a CVSS score of 8.8 and requiring only low complexity remote network access with low privileges, this vulnerability presents a critical privilege escalation risk. The attack requires user interaction only at the network level (not UI) and affects the confidentiality, integrity, and availability of affected systems.

Paloalto Globalprotect macOS +1
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.

Paloalto Command Injection Privilege Escalation +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.

Paloalto Command Injection RCE +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

CVE-2025-4228 is a security vulnerability (CVSS 4.6) that allows an authenticated administrative user. Remediation should follow standard vulnerability management procedures.

Paloalto Privilege Escalation
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

CVE-2025-4233 is a security vulnerability (CVSS 5.1) that allows users. Remediation should follow standard vulnerability management procedures.

Paloalto Authentication Bypass
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto +7
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Paloalto
NVD
EPSS 4% CVSS 2.7
LOW POC Monitor

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto
NVD
EPSS 0% CVSS 7.1
HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Paloalto
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL This Week

An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Paloalto
NVD
EPSS 0% CVSS 8.7
HIGH This Week

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Paloalto
NVD
EPSS 0% CVSS 8.3
HIGH This Week

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Paloalto
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Denial Of Service
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Paloalto +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Paloalto +2
NVD
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy