Palo Alto Networks Security Advisories

1 - 25 of 538
Versions | Affected | Unaffected

8.1 CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0
Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0
< 1.2.0
< 1.2.0
>= 1.2.0
>= 1.2.0
2026-06-10 2026-06-10

6.1 CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h7, < 12.1.7
< 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.12
< 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.15
< 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h7
None
All
>= 12.1.4-h7, >= 12.1.7
>= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.12
>= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.15
>= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h7
All
2026-06-10 2026-06-11

6 CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h7, < 12.1.5
< 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.11
< 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.14
< 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h5
None
All
>= 12.1.4-h7, >= 12.1.5
>= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.11
>= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.14
>= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h5
All
2026-06-10 2026-06-10

5.9 CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users
Prisma Access Agent
Prisma Access Agent
None on macOS, None on Windows, None on iOS, None on Android, None on Chrome OS
< 26.2.1 on Linux
All on macOS, All on Windows, All on iOS, All on Android, All on Chrome OS
>= 26.2.1 on Linux
2026-06-10 2026-06-10

4.8 CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability
Cortex XSOAR 8.13
Cortex XSOAR 8.12
Cortex XSOAR 8.11
Cortex XSOAR 8.10
Cortex XSOAR 6.14
Cortex XSOAR 6.13
Cortex XSOAR 6.12
< 8.13.0.11 on Linux
All
All
All
None
None
None
>= 8.13.0.11 on Linux
None
None
None
All
All
All
2026-06-10 2026-06-10

4.6 CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Panorama
Prisma Access
None
< 12.1.4-h5, < 12.1.5
< 11.2.4-h17, < 11.2.7-h4, < 11.2.10
< 11.1.4-h33, < 11.1.6-h21, < 11.1.10-h7, < 11.1.12
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h6, < 10.2.18
None
None
All
>= 12.1.4-h5, >= 12.1.5
>= 11.2.4-h17, >= 11.2.7-h4, >= 11.2.10
>= 11.1.4-h33, >= 11.1.6-h21, >= 11.1.10-h7, >= 11.1.12
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h6, >= 10.2.18
All
All
2026-06-10 2026-06-10

4.4 CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux
Prisma Access Agent
Prisma Access Agent
None on Windows, None on macOS, None on iOS, None on Android, None on Chrome OS
< 26.2.1 on Linux
All on Windows, All on macOS, All on iOS, All on Android, All on Chrome OS
>= 26.2.1 on Linux
2026-06-10 2026-06-10

4.4 CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect UWP App
None on Windows, Linux, iOS, Android, Chrome OS
< 6.3.3-h1 on macOS
< 6.2.8-h2 on macOS
None
All on Windows, Linux, iOS, Android, Chrome OS
>= 6.3.3-h1 on macOS
>= 6.2.8-h2 on macOS
All
2026-06-10 2026-06-10

1.1 CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.5
< 11.2.11
< 11.1.14
All
None
All
>= 12.1.5
>= 11.2.11
>= 11.1.14
None
All
2026-06-10 2026-06-10

8.4 PAN-SA-2026-0008 Chromium: Monthly Vulnerability Update (June 2026)
Prisma Browser
< 148.18.4.217
>= 148.18.4.217
2026-06-10 2026-06-10

i PAN-SA-2026-0009 Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION
Prisma SD-WAN ION
None
All
2026-06-10 2026-06-10

7.2 CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-13 2026-05-28

7.2 CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None on AWS, None on Azure
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All on AWS, All on Azure unless you have been contacted by Palo Alto Networks
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-13 2026-05-28

7.2 CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
None
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
All
All
2026-05-13 2026-05-28

6.6 CVE-2026-0262 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None on Azure/AWS
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None*
All on Azure/AWS
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All*
2026-05-13 2026-05-28

6.1 CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-13 2026-05-28

5 CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)
WildFire WF-500 and WF-500-B 12.1.0
WildFire WF-500 and WF-500-B 11.2.0
WildFire WF-500 and WF-500-B 11.1.0
WildFire WF-500 and WF-500-B 10.2.0
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
2026-05-13 2026-05-28

4.8 CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-13 2026-05-28

7.8 CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 11.2.0
Prisma Access 10.2.0
None
< 12.1.4-h6, < 12.1.7
< 11.2.4-h17, < 11.2.7-h14, < 11.2.10-h7, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
< 11.2.7-h13*
< 10.2.10-h36*
All
>= 12.1.4-h6, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h14, >= 11.2.10-h7, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
>= 11.2.7-h13*
>= 10.2.10-h36*
2026-05-13 2026-06-03

4.4 CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-13 2026-05-28

5.9 CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.0
None on Android, None on ChromeOS, None on iOS, None on UWP
< 6.3.3-h11 (6.3.3-c1016) on Windows, < 6.3.3-h11 (6.3.3-c1016) on macOS, < 6.3.3-h2 (6.3.3-c42) on Linux
< 6.2.8-h10 (6.2.8-948) on Windows, < 6.2.8-h10 (6.2.8-948) on macOS
< 6.0.13 on Windows, < 6.0.13 on macOS, < 6.0.11 on Linux
All on Android, All on ChromeOS, All on iOS, All on UWP
>= 6.3.3-h11 (6.3.3-c1016) on Windows, >= 6.3.3-h11 (6.3.3-c1016) on macOS, >= 6.3.3-h2 (6.3.3-c42) on Linux
>= 6.2.8-h10 (6.2.8-948) on Windows, >= 6.2.8-h10 (6.2.8-948) on macOS
>= 6.0.13 on Windows, >= 6.0.13 on macOS, >= 6.0.11 on Linux (ETA: 06/10)
2026-05-13 2026-06-02

5.2 CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App 6.3
None on iOS
< 6.3.3-h9 (6.3.3-999) on Windows, < 6.3.3-h9 (6.3.3-999) on macOS, < 6.3.4 on Android, < 6.3.4 on ChromeOS, < 6.3.3-h3 on Linux
< 6.2.8-h10 (6.2.8-948) on Windows, < 6.2.8-h10 (6.2.8-948) on macOS
< 6.1.14 on Android, < 6.1.14 on ChromeOS
< 6.0.12 on Linux, < 6.0.13 on Windows, < 6.0.13 on macOS, < 6.0.15 on Android, < 6.0.15 on ChromeOS
< 6.3.3-h10 on Windows
All on iOS
>= 6.3.3-h9 (6.3.3-999) on Windows, >= 6.3.3-h9 (6.3.3-999) on macOS, >= 6.3.4 on Android (ETA: 06/30), >= 6.3.4 on ChromeOS (ETA: 06/30), >= 6.3.3-h3 on Linux (ETA: 06/30)
>= 6.2.8-h10 (6.2.8-948) on Windows, >= 6.2.8-h10 (6.2.8-948) on macOS
>= 6.1.14 on Android (ETA: 06/17), >= 6.1.14 on ChromeOS (ETA: 06/17)
>= 6.0.12 on Linux (ETA: 06/30), >= 6.0.13 on Windows, >= 6.0.13 on macOS, >= 6.0.15 on Android (ETA: 06/30), >= 6.0.15 on ChromeOS (ETA: 06/30)
>= 6.3.3-h10 on Windows (ETA: 06/04)
2026-05-13 2026-06-13

4.9 CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
None on Windows, None on Linux, None on iOS, None on Windows UWP
< 6.3.3-h9 (6.3.3-999) on macOS
< 6.2.8-h10 (6.2.8-948) on macOS
< 6.1.14 on Android, < 6.1.14 on ChromeOS
< 6.0.14 on Android, < 6.0.14 on ChromeOS, < 6.0.13 on macOS
All on Windows, All on Linux, All on iOS, All on Windows UWP
>= 6.3.3-h9 (6.3.3-999) on macOS
>= 6.2.8-h10 (6.2.8-948) on macOS
>= 6.1.14 on Android (ETA: 06/17), >= 6.1.14 on ChromeOS (ETA: 06/17)
>= 6.0.14 on Android (ETA: 06/04), >= 6.0.14 on ChromeOS (ETA: 06/04), >= 6.0.13 on macOS
2026-05-13 2026-06-13

6.2 CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability
Prisma Access Agent
Prisma Access Agent
None on iOS, None on Linux, None on macOS, None on Windows
< 26.2.1 on Android, < 26.2.1 on Chrome OS
All on iOS, All on Linux, All on macOS, All on Windows
>= 26.2.1 on Android, >= 26.2.1 on Chrome OS
2026-05-13 2026-05-13

5.9 CVE-2026-0247 Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities
Prisma Access Agent (Endpoint DLP)
< 26.2.1 on macOS, < 26.2.1 on Windows
>= 26.2.1 on macOS, >= 26.2.1 on Windows
2026-05-13 2026-05-13