PAN-SA-2026-0009 Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION
Informational
Description
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
| CVE | Summary |
|---|---|
| CVE-2026-35385 | Prisma SD-WAN ION is not affected as the conditions required to exploit this vulnerability do not exist in Prisma SD-WAN ION Devices.. |
| CVE-2026-35386 | Prisma SD-WAN ION is not affected as the conditions required to exploit this vulnerability do not exist in Prisma SD-WAN ION Devices.. |
| CVE-2026-35388 | Prisma SD-WAN ION is not affected as the conditions required to exploit this vulnerability do not exist in Prisma SD-WAN ION Devices.. |
| CVE-2026-35387 | Prisma SD-WAN ION is not affected as the conditions required to exploit this vulnerability do not exist in Prisma SD-WAN ION Devices. |
| CVE-2026-35414 | Prisma SD-WAN ION is not affected as the conditions required to exploit this vulnerability do not exist in Prisma SD-WAN ION Devices.. |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma SD-WAN ION | None | All |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in Prisma SD-WAN ION.
Solution
No software updates are required at this time.
CPE Applicability
Timeline
Initial Publication.