Palo Alto Networks Security Advisories

1 - 25 of 551
VersionsAffectedUnaffected
7.2CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 11.2.0
Prisma Access 10.2.0
None on AWS, None on Azure
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
< 11.2.7-h18*
< 10.2.10-h39*
All on AWS, All on Azure unless you have been contacted by Palo Alto Networks
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
>= 11.2.7-h18*
>= 10.2.10-h39*
2026-07-082026-07-08
6.6CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 11.2.0
Prisma Access 10.2.0
All on AWS, All on Azure
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
< 11.2.7-h18*
< 10.2.10-h39*
None on AWS, None on Azure
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
>= 11.2.7-h18*
>= 10.2.10-h39*
2026-07-082026-07-08
6CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
4.7CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
4.7CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
4.5CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
2.7CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.8
< 11.2.13
< 11.1.16
All
None
All
>= 12.1.8
>= 11.2.13
>= 11.1.16
None
All
2026-07-082026-07-08
2.1CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.8
< 11.2.13
< 11.1.16
All
None
All
>= 12.1.8
>= 11.2.13
>= 11.1.16
None
All
2026-07-082026-07-08
1.7CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Panorama
Prisma Access 11.2.0
Prisma Access 10.2.0
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
< 11.2.7-h18*
< 10.2.10-h39*
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
>= 11.2.7-h18*
>= 10.2.10-h39*
2026-07-082026-07-08
1.3CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 12.1
Prisma Access 11.2
Prisma Access 10.2
None
< 12.1.8
< 11.2.13
< 11.1.16
All
< 12.1.8*
All*
All*
All
>= 12.1.8
>= 11.2.13
>= 11.1.16
None
>= 12.1.8*
None*
None*
2026-07-082026-07-08
5.7CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS
Prisma Access Agent
Prisma Access Agent 0
None on Linux, None on Windows, None on macOS, None on Android, None on ChromeOS
< 26.2.1 on iOS
All on Linux, All on Windows, All on macOS, All on Android, All on ChromeOS
>= 26.2.1 on iOS
2026-07-082026-07-08
1.1CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
Cortex XDR Broker VM 20.0.96
< 31.0.58
>= 31.0.58
2026-07-082026-07-08
7.2PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026)
Prisma Browser
< 149.10.3.53
>= 150.33.2.46
2026-07-082026-07-08
8.1CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0
Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0
< 1.2.0
< 1.2.0
>= 1.2.0
>= 1.2.0
2026-06-102026-06-10
6.1CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h7, < 12.1.7
< 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.12
< 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.15
< 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h7
None
All
>= 12.1.4-h7, >= 12.1.7
>= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.12
>= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.15
>= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h7
All
2026-06-102026-06-11
6CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h7, < 12.1.5
< 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.11
< 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.14
< 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h5
None
All
>= 12.1.4-h7, >= 12.1.5
>= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.11
>= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.14
>= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h5
All
2026-06-102026-06-10
5.9CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users
Prisma Access Agent
Prisma Access Agent
None on macOS, None on Windows, None on iOS, None on Android, None on Chrome OS
< 26.2.1 on Linux
All on macOS, All on Windows, All on iOS, All on Android, All on Chrome OS
>= 26.2.1 on Linux
2026-06-102026-06-10
4.8CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability
Cortex XSOAR 8.13
Cortex XSOAR 8.12
Cortex XSOAR 8.11
Cortex XSOAR 8.10
Cortex XSOAR 6.14
Cortex XSOAR 6.13
Cortex XSOAR 6.12
< 8.13.0.11 on Linux
All
All
All
None
None
None
>= 8.13.0.11 on Linux
None
None
None
All
All
All
2026-06-102026-06-10
4.6CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Panorama
Prisma Access
None
< 12.1.4-h5, < 12.1.5
< 11.2.4-h17, < 11.2.7-h4, < 11.2.10
< 11.1.4-h33, < 11.1.6-h21, < 11.1.10-h7, < 11.1.12
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h6, < 10.2.18
None
None
All
>= 12.1.4-h5, >= 12.1.5
>= 11.2.4-h17, >= 11.2.7-h4, >= 11.2.10
>= 11.1.4-h33, >= 11.1.6-h21, >= 11.1.10-h7, >= 11.1.12
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h6, >= 10.2.18
All
All
2026-06-102026-06-10
4.4CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux
Prisma Access Agent
Prisma Access Agent
None on Windows, None on macOS, None on iOS, None on Android, None on Chrome OS
< 26.2.1 on Linux
All on Windows, All on macOS, All on iOS, All on Android, All on Chrome OS
>= 26.2.1 on Linux
2026-06-102026-06-10
4.4CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect UWP App
None on Windows, Linux, iOS, Android, Chrome OS
< 6.3.3-h1 on macOS
< 6.2.8-h2 on macOS
None
All on Windows, Linux, iOS, Android, Chrome OS
>= 6.3.3-h1 on macOS
>= 6.2.8-h2 on macOS
All
2026-06-102026-06-10
1.1CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.5
< 11.2.11
< 11.1.14
All
None
All
>= 12.1.5
>= 11.2.11
>= 11.1.14
None
All
2026-06-102026-06-10
8.4PAN-SA-2026-0008 Chromium: Monthly Vulnerability Update (June 2026)
Prisma Browser
< 148.18.4.217
>= 148.18.4.217
2026-06-102026-06-10
iPAN-SA-2026-0009 Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION
Prisma SD-WAN ION
None
All
2026-06-102026-06-10
7.2CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-132026-05-28
1 - 25 of 551 Download
© 2026 Palo Alto Networks, Inc. All rights reserved.