| 7.2 | CVE-2026-0288
PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access 11.2.0 Prisma Access 10.2.0 | None on AWS, None on Azure < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 < 11.2.7-h18* < 10.2.10-h39* | All on AWS, All on Azure unless you have been contacted by Palo Alto Networks >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 >= 11.2.7-h18* >= 10.2.10-h39* | 2026-07-08 | 2026-07-08 |
| 6.6 | CVE-2026-0287
PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access 11.2.0 Prisma Access 10.2.0 | All on AWS, All on Azure < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 < 11.2.7-h18* < 10.2.10-h39* | None on AWS, None on Azure >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 >= 11.2.7-h18* >= 10.2.10-h39* | 2026-07-08 | 2026-07-08 |
| 6 | CVE-2026-0286
PAN-OS: Authenticated Command Injection in CLI | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 4.7 | CVE-2026-0285
PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 4.7 | CVE-2026-0284
PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 4.5 | CVE-2026-0283
PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All | 2026-07-08 | 2026-07-08 |
| 2.7 | CVE-2026-0282
PAN-OS: File Deletion Vulnerability in Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.8 < 11.2.13 < 11.1.16 All None | All >= 12.1.8 >= 11.2.13 >= 11.1.16 None All | 2026-07-08 | 2026-07-08 |
| 2.1 | CVE-2026-0281
PAN-OS: Information Disclosure Vulnerability in Management Web Interface | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access | None < 12.1.8 < 11.2.13 < 11.1.16 All None | All >= 12.1.8 >= 11.2.13 >= 11.1.16 None All | 2026-07-08 | 2026-07-08 |
| 1.7 | CVE-2026-0280
PAN-OS: IPv6 Firewall Policy Bypass | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Panorama Prisma Access 11.2.0 Prisma Access 10.2.0 | None < 12.1.4-h8, < 12.1.7-h2, < 12.1.8 < 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13 < 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16 < 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8 None < 11.2.7-h18* < 10.2.10-h39* | All >= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8 >= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13 >= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16 >= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8 All >= 11.2.7-h18* >= 10.2.10-h39* | 2026-07-08 | 2026-07-08 |
| 1.3 | CVE-2026-0279
PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities | Cloud NGFW PAN-OS 12.1 PAN-OS 11.2 PAN-OS 11.1 PAN-OS 10.2 Prisma Access 12.1 Prisma Access 11.2 Prisma Access 10.2 | None < 12.1.8 < 11.2.13 < 11.1.16 All < 12.1.8* All* All* | All >= 12.1.8 >= 11.2.13 >= 11.1.16 None >= 12.1.8* None* None* | 2026-07-08 | 2026-07-08 |
| 5.7 | CVE-2026-0277
Prisma Access Agent: Improper Certificate Validation on iOS | Prisma Access Agent Prisma Access Agent 0 | None on Linux, None on Windows, None on macOS, None on Android, None on ChromeOS < 26.2.1 on iOS | All on Linux, All on Windows, All on macOS, All on Android, All on ChromeOS >= 26.2.1 on iOS | 2026-07-08 | 2026-07-08 |
| 1.1 | CVE-2026-0276
Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability | Cortex XDR Broker VM 20.0.96 | | | 2026-07-08 | 2026-07-08 |
| 7.2 | PAN-SA-2026-0010
Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) | | | | 2026-07-08 | 2026-07-08 |