CVEs: 8
Critical: 1
High: 1
KEV: 1
PoC: 1
Unpatched C/H: 1
Patch Rate: 37.5%
Avg EPSS: 1.9%
Severity Breakdown
CRITICAL: 1
HIGH: 1
MEDIUM: 1
LOW: 1
Monthly CVE Trend
Affected Products (12)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-0300 | Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices. | CRITICAL | 9.3 | 14.9% | 136 | KEV, PoC |
| CVE-2026-0227 | Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network. | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2026-0232 | Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis. | MEDIUM | 4.0 | 0.0% | 20 | |
| CVE-2026-0233 | Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis. | LOW | 2.0 | 0.0% | 10 | |
| CVE-2026-0229 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. | | – | 0.0% | 0 | No patch |
| CVE-2026-0230 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection. | | – | 0.0% | 0 | No patch |
| CVE-2026-0231 | An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. | | – | 0.0% | 0 | No patch |
| CVE-2026-0228 | An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. | | – | 0.0% | 0 | No patch |