12
CVEs
0
Critical
1
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.5%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
1
MEDIUM
5
LOW
6
Monthly CVE Trend
Affected Products (30)
Pan Os
217
Globalprotect
27
Prisma Access
17
Cortex Xdr Agent
15
Windows
13
Cloud Ngfw
12
Expedition
12
Cortex Xsoar
8
macOS
7
Jwt Attack
5
Globalprotect App
4
Android
4
Traps
4
Prisma Browser
4
Chrome
4
Prisma Cloud
3
Terminal Services Agent
3
PHP
2
Globalprotect Uwp App
2
Prisma Sd Wan Ion
2
Fedora
2
Prisma Access Agent
2
Session Fixation
2
Global Protect App
1
Wildfire Wf 500 And Wf 500 B
1
Autonomous Digital Experience Manager
1
Netconnect
1
Python
1
Expedition Migration Tool
1
Broker Vm
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-0288 | Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable. | HIGH | 7.2 | 0.5% | 37 |
|
| CVE-2026-0287 | Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected. | MEDIUM | 6.6 | 0.5% | 34 |
|
| CVE-2026-0286 | Command injection in the Palo Alto Networks PAN-OS management plane allows an authenticated administrator to execute arbitrary OS commands with root privileges on PA-Series, VM-Series, and Panorama appliances. The vulnerability is classified CWE-78 and is reachable via the network-accessible management interface, though the requirement for administrator-level credentials substantially constrains the attacker pool. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed by CISA KEV. | MEDIUM | 6.0 | 1.1% | 31 |
|
| CVE-2026-0284 | XML injection in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) exposes unauthenticated remote attackers a path to inject malicious XML content into the LSVPN data pipeline, resulting in information disclosure or corruption of internal satellite configuration data. Only PAN-OS devices with LSVPN actively configured are affected; the vendor explicitly confirms Panorama, Cloud NGFW, and Prisma Access are not in scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 supplemental E:U metric signals exploitation as currently unlikely, though the zero-authentication, network-accessible attack surface demands prompt attention from operators running LSVPN hub deployments. | MEDIUM | 4.7 | 0.5% | 24 |
|
| CVE-2026-0285 | Server-side request forgery in Palo Alto Networks PAN-OS allows an authenticated administrator with access to the management web interface to weaponize the firewall as an unauthorized network relay, making requests to internal services on behalf of the attacker. Exploitation is constrained by the requirement for high-privilege administrator credentials (PR:H) and network reachability to the management interface, substantially limiting the realistic attacker population. No public exploit code or active exploitation has been identified; the vendor's own CVSS 4.0 supplemental metrics rate exploitation status as Unreported (E:U) and urgency as Amber. | MEDIUM | 4.7 | 0.5% | 24 |
|
| CVE-2026-0283 | Authentication bypass in the Large Scale VPN (LSVPN) feature of Palo Alto Networks PAN-OS enables unauthenticated network-adjacent attackers to establish unauthorized site-to-site VPN connections without valid credentials. The root cause is CWE-306 (Missing Authentication for Critical Function), where the LSVPN peer negotiation process fails to enforce authentication before allowing VPN tunnel establishment. While the CVSS 4.0 base score is 4.5, the subsequent-system confidentiality impact is rated High (SC:H), reflecting that a successful bypass grants the attacker routing-level access into networks protected by the VPN - a materially greater risk than the headline score suggests. No public exploit code exists and no active exploitation has been confirmed (CISA KEV not listed, E:U). | MEDIUM | 4.5 | 0.6% | 23 |
|
| CVE-2026-0282 | Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation. | LOW | 2.7 | 0.4% | 14 |
|
| CVE-2026-0281 | Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors. | LOW | 2.1 | 0.4% | 11 |
|
| CVE-2026-0275 | Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. No public exploit identified at time of analysis; the CVSS 4.0 base score of 2.0 reflects the substantial exploitation prerequisites that materially constrain real-world risk despite the full-system impact potential at root level. | LOW | 2.0 | 0.1% | 10 |
|
| CVE-2026-0280 | Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met. | LOW | 1.7 | 0.5% | 9 |
|
| CVE-2026-0279 | Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines. | LOW | 1.3 | 1.2% | 8 |
|
| CVE-2026-0276 | Privilege escalation in Palo Alto Networks Cortex XDR Broker VM permits locally authenticated users to perform operations as the root user within the appliance. The vulnerability is constrained to the Broker VM itself - the CVSS 4.0 vector (SC:N/SI:N/SA:N) confirms no scope change to subsequent or adjacent systems, limiting the blast radius to the VM appliance. No public exploit exists (E:U) and no CISA KEV listing is present; the vendor-assigned CVSS 4.0 score of 1.1 reflects this low-urgency posture. | LOW | 1.1 | 0.1% | 6 |
|