{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: IPv6 Firewall Policy Bypass"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2026-0280","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-07-08T20:40:35.874Z","generator":{"date":"2026-07-08T20:40:35.874Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2026-0280","initial_release_date":"2026-07-08T16:00:00.000Z","revision_history":[{"number":"1","date":"2026-07-08T09:00:00.000Z","summary":"Initial Publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Cloud NGFW","category":"product_name","branches":[{"category":"product_version","name":"Cloud NGFW All","product":{"name":"Palo Alto Networks Cloud NGFW","product_id":"PANW-Cloud-NGFW-1"}}]},{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<12.1.8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-852"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=12.1.8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-852"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=12.1.7-h2","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-855"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=12.1.4-h8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-856"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<11.2.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-853"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-853"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.10-h11","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-857"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.7-h18","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-858"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.2.4-h20","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-859"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<11.1.16","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-854"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.16","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-854"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.13-h9","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-860"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.10-h30","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-861"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.7-h8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-862"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.6-h35","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-863"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.1.4-h35","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-864"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.2.18-h8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-865"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.18-h8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-865"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.16-h9","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-866"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.13-h23","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-867"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.10-h39","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-868"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.7-h36","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-869"}}]},{"name":"Panorama","category":"product_name","branches":[{"category":"product_version","name":"Panorama All","product":{"name":"Palo Alto Networks Panorama","product_id":"PANW-Panorama-1"}}]},{"name":"Prisma Access","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Prisma Access<11.2.7-h18","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-54"}},{"category":"product_version_range","name":"vers:generic/Prisma Access>=11.2.7-h18","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-54"}},{"category":"product_version_range","name":"vers:generic/Prisma Access<10.2.10-h39","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-55"}},{"category":"product_version_range","name":"vers:generic/Prisma Access>=10.2.10-h39","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-55"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-0280","product_status":{"fixed":["PANW-PAN-OS-852","PANW-PAN-OS-855","PANW-PAN-OS-856","PANW-PAN-OS-853","PANW-PAN-OS-857","PANW-PAN-OS-858","PANW-PAN-OS-859","PANW-PAN-OS-854","PANW-PAN-OS-860","PANW-PAN-OS-861","PANW-PAN-OS-862","PANW-PAN-OS-863","PANW-PAN-OS-864","PANW-PAN-OS-865","PANW-PAN-OS-866","PANW-PAN-OS-867","PANW-PAN-OS-868","PANW-PAN-OS-869","PANW-Prisma-Access-54","PANW-Prisma-Access-55"],"known_affected":["PANW-PAN-OS-852","PANW-PAN-OS-853","PANW-PAN-OS-854","PANW-PAN-OS-865","PANW-Prisma-Access-54","PANW-Prisma-Access-55"],"known_not_affected":["PANW-Cloud-NGFW-1","PANW-Panorama-1"]},"notes":[{"category":"description","text":"An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\n\nCloud NGFW and Panorama are not impacted by this vulnerability.\n"}],"references":[{"category":"external","summary":"NVD - CVE-2026-0280","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0280"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2026-0280","url":"https://security.paloaltonetworks.com/CVE-2026-0280"}],"threats":[{"category":"impact","description":"An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.\n\nCloud NGFW and Panorama are not impacted by this vulnerability.\n"}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"MEDIUM","baseScore":6.3,"threatSeverity":"LOW","threatScore":1.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber"},"products":["PANW-PAN-OS-852","PANW-PAN-OS-853","PANW-PAN-OS-854","PANW-PAN-OS-865","PANW-Prisma-Access-54","PANW-Prisma-Access-55"]}]}]}