Palo Alto Networks Security Advisories

Clear
version
severity
product
Clear
1 - 25 of 175
VersionsAffectedUnaffected
1.1CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.5
< 11.2.11
< 11.1.14
All
None
All
>= 12.1.5
>= 11.2.11
>= 11.1.14
None
All
2026-06-102026-06-10
6.1CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h7, < 12.1.7
< 11.2.4-h18, < 11.2.7-h16, < 11.2.10-h9, < 11.2.12
< 11.1.4-h34, < 11.1.6-h33, < 11.1.7-h7, < 11.1.10-h27, < 11.1.13-h7, < 11.1.15
< 10.2.7-h35, < 10.2.10-h37, < 10.2.13-h22, < 10.2.16-h8, < 10.2.18-h7
None
All
>= 12.1.4-h7, >= 12.1.7
>= 11.2.4-h18, >= 11.2.7-h16, >= 11.2.10-h9, >= 11.2.12
>= 11.1.4-h34, >= 11.1.6-h33, >= 11.1.7-h7, >= 11.1.10-h27, >= 11.1.13-h7, >= 11.1.15
>= 10.2.7-h35, >= 10.2.10-h37, >= 10.2.13-h22, >= 10.2.16-h8, >= 10.2.18-h7
All
2026-06-102026-06-11
4.4CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-132026-05-28
7.2CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-132026-05-28
6.1PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
Prisma Browser
< 146.10.7.154
>= 148.6.3.96
2026-05-132026-05-13
6.1CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
< 12.1.4-h5, < 12.1.7
< 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
< 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
< 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
None
All
>= 12.1.4-h5, >= 12.1.7
>= 11.2.4-h17, >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12
>= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6, >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15
>= 10.2.7-h34, >= 10.2.10-h36, >= 10.2.13-h21, >= 10.2.16-h7, >= 10.2.18-h6
All
2026-05-132026-05-28
1.1CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
None
< 11.2.8
< 11.1.6-h21
< 10.2.17
None
All
All
>= 11.2.8
>= 11.1.6-h21
>= 10.2.17
All
2025-10-082025-10-08
5.4CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface
Cloud NGFW
PAN-OS 12.1
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
Prisma Access
None
None
< 11.2.8
< 11.1.4-h27, < 11.1.6-h21, < 11.1.10-h7
< 10.2.17
None
All
All
>= 11.2.8
>= 11.1.4-h27, >= 11.1.6-h21, >= 11.1.10-h7
>= 10.2.17
All
2025-10-082026-04-01
3.3CVE-2025-2182 PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK)
Cloud NGFW
PAN-OS
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None on devices other than PA-7500
< 11.2.8 on PA-7500
< 11.1.10 on PA-7500
None on PA-7500
None on PA-7500
None
All
All on devices other than PA-7500
>= 11.2.8 on PA-7500
>= 11.1.10 on PA-7500
All on PA-7500
All on PA-7500
All
2025-08-132025-08-13
4.3CVE-2025-2179 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
GlobalProtect App
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on Android, None on Chrome OS, None on iOS, None on Windows, None on macOS
< 6.2.9 on Linux
All on Linux
All on Linux
None
All on Android, All on Chrome OS, All on iOS, All on Windows, All on macOS
>= 6.2.9 on Linux
None on Linux
None on Linux
All
2025-07-282025-07-28
6.1CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.3
< 10.2.8
All
None
All
All
All
>= 11.0.3
>= 10.2.8
None
All
2025-06-112025-06-11
2.3CVE-2025-4229 PAN-OS: Traffic Information Disclosure Vulnerability
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.7
< 11.1.10
< 10.2.16-h1, < 10.2.17
< 10.1.14-h16
None
All
>= 11.2.7
>= 11.1.10
>= 10.2.16-h1, >= 10.2.17
>= 10.1.14-h16
All
2025-06-112025-06-30
0.3CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface
Compute in Prisma Cloud Enterprise Edition
Prisma Cloud Compute Edition
None
< 34.01.129
All
>= 34.01.129
2025-05-142025-06-23
1.1CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.6-h14, < 11.1.8
< 10.2.13
< 10.1.14-h14
None
All
>= 11.2.5
>= 11.1.6-h14, >= 11.1.8
>= 10.2.13
>= 10.1.14-h14
All
2025-05-142025-07-11
2CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
All
< 11.2.4-h9, < 11.2.7
< 11.1.6-h14, < 11.1.10-h1
< 10.2.16-h1
All
All
None (See Mitigations and Workarounds)
>= 11.2.4-h9, >= 11.2.7
>= 11.1.6-h14, >= 11.1.10-h1
>= 10.2.16-h1
None
None (See Mitigations and Workarounds)
2025-05-142025-07-09
4.6CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.6-h1, < 11.1.7-h2, < 11.1.8
None
None
None
All
>= 11.2.5
>= 11.1.6-h1, >= 11.1.7-h2, >= 11.1.8
All
All
All
2025-05-142025-05-14
5.6CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.3
< 11.1.5
< 11.0.6
< 10.2.4-h25, < 10.2.9-h13, < 10.2.10-h6, < 10.2.11
< 10.1.14-h11
< 10.2.4-h36 on PAN-OS, < 10.2.10-h16 on PAN-OS, < 11.2.4-h5 on PAN-OS
All
>= 11.2.3
>= 11.1.5
>= 11.0.6
>= 10.2.4-h25, >= 10.2.9-h13, >= 10.2.10-h6, >= 10.2.11
>= 10.1.14-h11
>= 10.2.4-h36 on PAN-OS, >= 10.2.10-h16 on PAN-OS, >= 11.2.4-h5 on PAN-OS
2025-04-092025-04-09
4.4CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.5
< 11.0.6
< 10.2.10-h19, < 10.2.11
< 10.1.14-h11
None
All
>= 11.2.5
>= 11.1.5
>= 11.0.6
>= 10.2.10-h19, >= 10.2.11
>= 10.1.14-h11
All
2025-04-092025-06-12
1.9CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.6
< 11.1.6-h10, < 11.1.8
< 10.2.10-h21, < 10.2.15
< 10.1.14-h13
None
All
>= 11.2.6
>= 11.1.6-h10, >= 11.1.8
>= 10.2.10-h21, >= 10.2.15
>= 10.1.14-h13
All
2025-04-092025-07-11
2CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
All
< 11.2.1
< 11.1.5
< 11.0.6
< 10.2.10
< 10.1.14-h11
None
None (ETA end of April)
>= 11.2.1
>= 11.1.5
>= 11.0.6
>= 10.2.10
>= 10.1.14-h11
All
2025-04-092025-04-09
2.2CVE-2025-0118 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability
GlobalProtect App
GlobalProtect App 6.3
GlobalProtect App 6.2
GlobalProtect App 6.1
GlobalProtect App 6.0
GlobalProtect UWP App
None on macOS, Linux, iOS, Android, Chrome OS
< 6.3.3 on Windows
< 6.2.5 on Windows
< 6.1.6 on Windows
< 6.0.11 on Windows
None
All on macOS, Linux, iOS, Android, Chrome OS
>= 6.3.3 on Windows
>= 6.2.5 on Windows
>= 6.1.6 on Windows
>= 6.0.11 on Windows
All
2025-03-122025-03-12
4.6CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
None
None
< 11.0.2
< 10.2.5
< 10.1.14-h11
None
All
All
All
>= 11.0.2
>= 10.2.5
>= 10.1.14-h11
All
2025-03-122025-03-12
4.3CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.5
< 11.1.4-h17, < 11.1.6-h6, < 11.1.8
< 10.2.10-h17, < 10.2.13-h5, < 10.2.14
< 10.1.14-h11
None
All
>= 11.2.5
>= 11.1.4-h17, >= 11.1.6-h6, >= 11.1.8
>= 10.2.10-h17, >= 10.2.13-h5, >= 10.2.14
>= 10.1.14-h11
All
2025-03-122025-04-04
4.3CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 11.0
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.3
< 11.1.4-h17, < 11.1.5
< 11.0.6
< 10.2.10-h18, < 10.2.11
< 10.1.14-h11
None
All
>= 11.2.3
>= 11.1.4-h17, >= 11.1.5
>= 11.0.6
>= 10.2.10-h18, >= 10.2.11
>= 10.1.14-h11
All
2025-03-122025-06-12
8.8CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface
Cloud NGFW
PAN-OS 11.2
PAN-OS 11.1
PAN-OS 10.2
PAN-OS 10.1
Prisma Access
None
< 11.2.4-h4, < 11.2.5
< 11.1.2-h18, < 11.1.4-h13, < 11.1.6-h1
< 10.2.7-h24, < 10.2.8-h21, < 10.2.9-h21, < 10.2.10-h14, < 10.2.11-h12, < 10.2.12-h6, < 10.2.13-h3
< 10.1.14-h9
None
All
>= 11.2.4-h4, >= 11.2.5
>= 11.1.2-h18, >= 11.1.4-h13, >= 11.1.6-h1
>= 10.2.7-h24, >= 10.2.8-h21, >= 10.2.9-h21, >= 10.2.10-h14, >= 10.2.11-h12, >= 10.2.12-h6, >= 10.2.13-h3
>= 10.1.14-h9
All
2025-02-122025-03-06
1 - 25 of 175 Download
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2026 Palo Alto Networks, Inc. All rights reserved.