Skip to main content

Paloalto

Vendor security scorecard – 45 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 154
45
CVEs
1
Critical
7
High
2
KEV
2
PoC
0
Unpatched C/H
91.1%
Patch Rate
0.5%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
7
MEDIUM
24
LOW
9

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-0300 Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices. CRITICAL 9.3 14.9% 136
KEV PoC
CVE-2026-0257 Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed. HIGH 7.8 0.1% 109
KEV PoC
CVE-2026-0288 Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable. HIGH 7.2 0.5% 37
CVE-2026-0236 Local code injection in Palo Alto Networks Prisma Browser on macOS lets an authenticated non-admin user abuse an exposed AppleScript/Apple Event handler to send unauthorized commands to the browser, with high impact on confidentiality and integrity. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but SSVC rates the technical impact as total once the local foothold exists. Affects all Prisma Browser releases prior to 146.16.6.165 on macOS. HIGH 7.3 0.0% 37
CVE-2026-0237 Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total. HIGH 7.3 0.0% 37
CVE-2026-0265 Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching. HIGH 7.2 0.1% 36
CVE-2026-0264 Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC. HIGH 7.2 0.1% 36
CVE-2026-0263 Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'. HIGH 7.2 0.1% 36
CVE-2026-0287 Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected. MEDIUM 6.6 0.5% 34
CVE-2026-0262 Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response. MEDIUM 6.6 0.1% 33
CVE-2026-0286 Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV. MEDIUM 6.0 1.1% 31
CVE-2026-0273 Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrictions and execute arbitrary OS commands as root via the CLI or Web UI. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are explicitly excluded per the vendor advisory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.1 accurately reflects the significant mitigating factor of requiring high-privilege administrative access before exploitation is possible. MEDIUM 6.1 0.3% 31
CVE-2026-0261 Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS allow an authenticated administrator to escape system restrictions and execute arbitrary commands with root-level privileges on affected firewalls and Panorama management platforms. Affected deployments include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series appliances) across PAN-OS versions 10.2, 11.1, 11.2, and 12.1. An attacker who already holds administrative credentials and can reach the CLI or Web UI can leverage these flaws to fully compromise the underlying OS. No public exploit code exists and no KEV listing is present at time of analysis, consistent with the very low EPSS score of 0.08% (24th percentile). MEDIUM 6.1 0.1% 31
CVE-2026-0272 Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an authenticated CLI administrator to perform operations at the root OS level, bypassing intended privilege boundaries through a missing authorization control (CWE-862). The risk is substantially gated by the requirement for existing administrative CLI access (CVSS PR:H), making insider threats and compromised admin credentials the primary real-world attack paths. No public exploits or confirmed active exploitation have been identified at time of analysis, and the vendor's own E:U supplemental metric reinforces the low exploitation urgency - though root-level OS access to a firewall represents a severe impact if the prerequisite is met. MEDIUM 6.0 0.0% 30
CVE-2026-0271 Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged user to execute arbitrary code with elevated privileges, achieving full confidentiality, integrity, and availability compromise of the affected system. The vulnerability is rooted in CWE-732 (Incorrect Permission Assignment for Critical Resource) and is strictly scoped to Linux deployments - the Windows, macOS, iOS, Android, and ChromeOS agent variants are confirmed unaffected by the vendor. No public exploit code has been identified at time of analysis, and the CVSS 4.0 supplemental metric E:U (Exploitation Unlikely) further tempers immediate mass-exploitation risk, though the complete local system impact warrants timely patching for multi-user Linux environments. MEDIUM 5.9 0.0% 30

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy