{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Informational Bulletin: OSS CVEs Fixed in PAN-OS"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2026-0005","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-08T18:14:04.757Z","generator":{"date":"2026-04-08T18:14:04.757Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"PAN-SA-2026-0005","initial_release_date":"2026-04-08T16:00:00.000Z","revision_history":[{"number":"1","date":"2026-04-08T09:00:00.000Z","summary":"Initial Publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS <11.0.6|<11.1.8|<11.2.3|<11.2.4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-803"}},{"category":"product_version_range","name":"vers:generic/PAN-OS >=11.0.6|>=11.1.8|>=11.2.3|>=11.2.4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-804"}},{"category":"product_version_range","name":"vers:generic/PAN-OS <10.1.15|<10.2.15|<11.1.11|<11.2.7","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-805"}},{"category":"product_version_range","name":"vers:generic/PAN-OS >=10.1.15|>=10.2.15|>=11.1.11|>=11.2.7","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-806"}},{"category":"product_version_range","name":"vers:generic/PAN-OS <11.1.14|<11.2.11|<12.1.5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-807"}},{"category":"product_version_range","name":"vers:generic/PAN-OS >=11.1.14|>=11.2.11|>=12.1.5","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-808"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2022-32149","product_status":{"fixed":["PANW-PAN-OS-804"],"known_affected":["PANW-PAN-OS-803"]},"notes":[{"category":"description","text":"This CVE is fixed in Openconfig plugin PAN-OS 11.0.6, 11.1.8, 11.2.3-h2, 11.2.4 and all later versions of Openconfig plugin PAN-OS"}],"references":[{"category":"external","summary":"NVD - CVE-2022-32149","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32149"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0005"}],"threats":[{"category":"impact","description":"This CVE is fixed in Openconfig plugin PAN-OS 11.0.6, 11.1.8, 11.2.3-h2, 11.2.4 and all later versions of Openconfig plugin PAN-OS"}]},{"cve":"CVE-2024-33599","product_status":{"fixed":["PANW-PAN-OS-806"],"known_affected":["PANW-PAN-OS-805"]},"notes":[{"category":"description","text":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}],"references":[{"category":"external","summary":"NVD - CVE-2024-33599","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33599"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0005"}],"threats":[{"category":"impact","description":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}]},{"cve":"CVE-2024-33600","product_status":{"fixed":["PANW-PAN-OS-806"],"known_affected":["PANW-PAN-OS-805"]},"notes":[{"category":"description","text":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}],"references":[{"category":"external","summary":"NVD - CVE-2024-33600","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33600"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0005"}],"threats":[{"category":"impact","description":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}]},{"cve":"CVE-2024-33601","product_status":{"fixed":["PANW-PAN-OS-806"],"known_affected":["PANW-PAN-OS-805"]},"notes":[{"category":"description","text":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}],"references":[{"category":"external","summary":"NVD - CVE-2024-33601","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33601"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0005"}],"threats":[{"category":"impact","description":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}]},{"cve":"CVE-2024-33602","product_status":{"fixed":["PANW-PAN-OS-806"],"known_affected":["PANW-PAN-OS-805"]},"notes":[{"category":"description","text":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}],"references":[{"category":"external","summary":"NVD - CVE-2024-33602","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33602"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0005"}],"threats":[{"category":"impact","description":"This CVE is fixed in PAN-OS versions 10.1.15, 10.2.15, 11.1.11, 11.2.7, and all later versions. "}]},{"cve":"CVE-2025-49844","product_status":{"fixed":["PANW-PAN-OS-808"],"known_affected":["PANW-PAN-OS-807"]},"notes":[{"category":"description","text":"This CVE is fixed in PAN-OS versions 11.1.14, 11.2.11, 12.1.5, and all later versions. "}],"references":[{"category":"external","summary":"NVD - CVE-2025-49844","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49844"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0005","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0005"}],"threats":[{"category":"impact","description":"This CVE is fixed in PAN-OS versions 11.1.14, 11.2.11, 12.1.5, and all later versions. "}]}]}