Skip to main content

Wildfire Wf 500 And Wf 500 B

1 CVEs product

Monthly

CVE-2026-0259 MEDIUM PATCH This Month

Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.

Paloalto Information Disclosure Wildfire Wf 500 And Wf 500 B
NVD VulDB
CVSS 4.0
5.0
EPSS
0.1%
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.

Paloalto Information Disclosure Wildfire Wf 500 And Wf 500 B
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy