Palo Alto Networks Security Advisories

Found 13
VersionsAffectedUnaffected
7.2CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 11.2.0
Prisma Access 10.2.0
None on AWS, None on Azure
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
< 11.2.7-h18*
< 10.2.10-h39*
All on AWS, All on Azure unless you have been contacted by Palo Alto Networks
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
>= 11.2.7-h18*
>= 10.2.10-h39*
2026-07-082026-07-08
6.6CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 11.2.0
Prisma Access 10.2.0
All on AWS, All on Azure
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
< 11.2.7-h18*
< 10.2.10-h39*
None on AWS, None on Azure
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
>= 11.2.7-h18*
>= 10.2.10-h39*
2026-07-082026-07-08
6CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
4.7CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
4.7CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
4.5CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h12, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h12, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
2026-07-082026-07-08
2.7CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.8
< 11.2.13
< 11.1.16
All
None
All
>= 12.1.8
>= 11.2.13
>= 11.1.16
None
All
2026-07-082026-07-08
2.1CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.8
< 11.2.13
< 11.1.16
All
None
All
>= 12.1.8
>= 11.2.13
>= 11.1.16
None
All
2026-07-082026-07-08
1.7CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Panorama
Prisma Access 11.2.0
Prisma Access 10.2.0
None
< 12.1.4-h8, < 12.1.7-h2, < 12.1.8
< 11.2.4-h20, < 11.2.7-h18, < 11.2.10-h11, < 11.2.13
< 11.1.4-h35, < 11.1.6-h35, < 11.1.7-h8, < 11.1.10-h30, < 11.1.13-h9, < 11.1.16
< 10.2.7-h36, < 10.2.10-h39, < 10.2.13-h23, < 10.2.16-h9, < 10.2.18-h8
None
< 11.2.7-h18*
< 10.2.10-h39*
All
>= 12.1.4-h8, >= 12.1.7-h2, >= 12.1.8
>= 11.2.4-h20, >= 11.2.7-h18, >= 11.2.10-h11, >= 11.2.13
>= 11.1.4-h35, >= 11.1.6-h35, >= 11.1.7-h8, >= 11.1.10-h30, >= 11.1.13-h9, >= 11.1.16
>= 10.2.7-h36, >= 10.2.10-h39, >= 10.2.13-h23, >= 10.2.16-h9, >= 10.2.18-h8
All
>= 11.2.7-h18*
>= 10.2.10-h39*
2026-07-082026-07-08
1.3CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access 12.1
Prisma Access 11.2
Prisma Access 10.2
None
< 12.1.8
< 11.2.13
< 11.1.16
All
< 12.1.8*
All*
All*
All
>= 12.1.8
>= 11.2.13
>= 11.1.16
None
>= 12.1.8*
None*
None*
2026-07-082026-07-08
5.7CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS
Prisma Access Agent
Prisma Access Agent 0
None on Linux, None on Windows, None on macOS, None on Android, None on ChromeOS
< 26.2.1 on iOS
All on Linux, All on Windows, All on macOS, All on Android, All on ChromeOS
>= 26.2.1 on iOS
2026-07-082026-07-08
1.1CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
Cortex XDR Broker VM 20.0.96
< 31.0.58
>= 31.0.58
2026-07-082026-07-08
7.2PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026)
Prisma Browser
< 149.10.3.53
>= 150.33.2.46
2026-07-082026-07-08
© 2026 Palo Alto Networks, Inc. All rights reserved.