Palo Alto Networks Security Advisories / PAN-SA-2026-0005

PAN-SA-2026-0005 Informational Bulletin: OSS CVEs Fixed in PAN-OS


Informational

JSON CSAF
Published 2026-04-08
Updated 2026-04-08
Discovered externally

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution.

CVESummary
CVE-2022-32149This CVE is fixed in Openconfig plugin PAN-OS 11.0.6, 11.1.8, 11.2.3-h2, 11.2.4 and all later versions of Openconfig plugin PAN-OS
CVE-2024-33599This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions.
CVE-2024-33600This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions.
CVE-2024-33601This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions.
CVE-2024-33602This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions.
CVE-2025-49844This CVE is fixed in PAN-OS versions 11.1.14, 11.2.11, 12.1.5, and all later versions.

Product Status

VersionsAffectedUnaffected
PAN-OSNoneAll

Required Configuration for Exposure

PAN-OS OpenConfig Plugin is not vulnerable under any configuration.

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

The OSS CVEs are fixed in the respective PAN-OS versions.

CPE Applicability

Timeline

Initial Publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2026 Palo Alto Networks, Inc. All rights reserved.