| 7.2 | CVE-2026-0288
PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access 11.2.0 Prisma Access 10.2.0 | None on AWS, None on Azure < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 < 11.2.7-h18* < 10.2.10-h39* | All on AWS, All on Azure unless you have been contacted by Palo Alto Networks >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 >= 11.2.7-h18* >= 10.2.10-h39* | 2026-07-08 | 2026-07-08 |
| 6.6 | CVE-2026-0287
PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access 11.2.0 Prisma Access 10.2.0 | All on AWS, All on Azure < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 < 11.2.7-h18* < 10.2.10-h39* | None on AWS, None on Azure >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 >= 11.2.7-h18* >= 10.2.10-h39* | 2026-07-08 | 2026-07-08 |
| 6 | CVE-2026-0286
PAN-OS: Authenticated Command Injection in CLI | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 4.7 | CVE-2026-0285
PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 4.7 | CVE-2026-0284
PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 4.5 | CVE-2026-0283
PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 2.7 | CVE-2026-0282
PAN-OS: File Deletion Vulnerability in Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.8 < 11.2.13 < 11.1.16 All None | All >= 12.1.8 >= 11.2.13 >= 11.1.16 None All | 2026-07-08 | 2026-07-08 |
| 2.1 | CVE-2026-0281
PAN-OS: Information Disclosure Vulnerability in Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.8 < 11.2.13 < 11.1.16 All None | All >= 12.1.8 >= 11.2.13 >= 11.1.16 None All | 2026-07-08 | 2026-07-08 |
| 1.7 | CVE-2026-0280
PAN-OS: IPv6 Firewall Policy Bypass | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Panorama Prisma Access 11.2.0 Prisma Access 10.2.0 | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None < 11.2.7-h18* < 10.2.10-h39* | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All >= 11.2.7-h18* >= 10.2.10-h39* | 2026-07-08 | 2026-07-08 |
| 1.3 | CVE-2026-0279
PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access 12.1 Prisma Access 11.2 Prisma Access 10.2 | None < 12.1.8 < 11.2.13 < 11.1.16 All < 12.1.8* All* All* | All >= 12.1.8 >= 11.2.13 >= 11.1.16 None >= 12.1.8* None* None* | 2026-07-08 | 2026-07-08 |
| 5.7 | CVE-2026-0277
Prisma Access Agent: Improper Certificate Validation on iOS | Prisma Access Agent Prisma Access Agent 0 | None on Linux, None on Windows, None on macOS, None on Android, None on ChromeOS < 26.2.1 on iOS | All on Linux, All on Windows, All on macOS, All on Android, All on ChromeOS >= 26.2.1 on iOS | 2026-07-08 | 2026-07-08 |
| 1.1 | CVE-2026-0276
Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability | Cortex XDR Broker VM 20.0.96 | | | 2026-07-08 | 2026-07-08 |
| 7.2 | PAN-SA-2026-0010
Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) | | | | 2026-07-08 | 2026-07-08 |
| 8.1 | CVE-2026-0274
Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration | Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0 Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0 | | | 2026-06-10 | 2026-06-10 |
| 6.1 | CVE-2026-0273
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h7, < 12.1.7 < 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.12 < 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.15 < 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h7 None | All >= 12.1.4-h7, >= 12.1.7 >= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.12 >= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.15 >= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h7 All | 2026-06-10 | 2026-06-11 |
| 6 | CVE-2026-0272
PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h7, < 12.1.5 < 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.11 < 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.14 < 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h5 None | All >= 12.1.4-h7, >= 12.1.5 >= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.11 >= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.14 >= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h5 All | 2026-06-10 | 2026-06-10 |
| 5.9 | CVE-2026-0271
Prisma Access Agent: Local Privilege Escalation by Authorized Users | Prisma Access Agent Prisma Access Agent | None on macOS, None on Windows, None on iOS, None on Android, None on Chrome OS < 26.2.1 on Linux | All on macOS, All on Windows, All on iOS, All on Android, All on Chrome OS >= 26.2.1 on Linux | 2026-06-10 | 2026-06-10 |
| 4.8 | CVE-2026-0270
Cortex XSOAR: Path Traversal Vulnerability | Cortex XSOAR 8.13 Cortex XSOAR 8.12 Cortex XSOAR 8.11 Cortex XSOAR 8.10 Cortex XSOAR 6.14 Cortex XSOAR 6.13 Cortex XSOAR 6.12 | < 8.13.0.11 on Linux All All All None None None | >= 8.13.0.11 on Linux None None None All All All | 2026-06-10 | 2026-06-10 |
| 4.6 | CVE-2026-0269
PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Panorama Prisma Access | None < 12.1.4-h5, < 12.1.5 < 11.2.4-h17, < 11.2.7-h4, < 11.2.10 < 11.1.4-h33, < 11.1.6-h21, < 11.1.10-h7, < 11.1.12 < 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h6, < 10.2.18 None None | All >= 12.1.4-h5, >= 12.1.5 >= 11.2.4-h17, >= 11.2.7-h4, >= 11.2.10 >= 11.1.4-h33, >= 11.1.6-h21, >= 11.1.10-h7, >= 11.1.12 >= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h6, >= 10.2.18 All All | 2026-06-10 | 2026-06-10 |
| 4.4 | CVE-2026-0268
Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux | Prisma Access Agent Prisma Access Agent | None on Windows, None on macOS, None on iOS, None on Android, None on Chrome OS < 26.2.1 on Linux | All on Windows, All on macOS, All on iOS, All on Android, All on Chrome OS >= 26.2.1 on Linux | 2026-06-10 | 2026-06-10 |
| 4.4 | CVE-2026-0267
GlobalProtect App: Information Exposure Vulnerability on macOS | GlobalProtect App GlobalProtect App 6.3 GlobalProtect App 6.2 GlobalProtect UWP App | None on Windows, Linux, iOS, Android, Chrome OS < 6.3.3-h1 on macOS < 6.2.8-h2 on macOS None | All on Windows, Linux, iOS, Android, Chrome OS >= 6.3.3-h1 on macOS >= 6.2.8-h2 on macOS All | 2026-06-10 | 2026-06-10 |
| 1.1 | CVE-2026-0266
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.5 < 11.2.11 < 11.1.14 All None | All >= 12.1.5 >= 11.2.11 >= 11.1.14 None All | 2026-06-10 | 2026-06-10 |
| 8.4 | PAN-SA-2026-0008
Chromium: Monthly Vulnerability Update (June 2026) | | | | 2026-06-10 | 2026-06-10 |
| i | PAN-SA-2026-0009
Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION | | | | 2026-06-10 | 2026-06-10 |
| 7.2 | CVE-2026-0265
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h5, < 12.1.7 < 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12 < 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15 < 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6 None | All >= 12.1.4-h5, >= 12.1.7 >= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12 >= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15 >= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6 All | 2026-05-13 | 2026-05-28 |