Palo Alto Networks Security Advisories

Palo Alto Networks Security Advisories https://security.paloaltonetworks.com/rss.xmlCVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI (Severity: MEDIUM)2026-06-11T01:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0273https://security.paloaltonetworks.com/CVE-2026-0273CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (Severity: MEDIUM)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0268https://security.paloaltonetworks.com/CVE-2026-0268CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users (Severity: MEDIUM)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0271https://security.paloaltonetworks.com/CVE-2026-0271CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (Severity: HIGH)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0274https://security.paloaltonetworks.com/CVE-2026-0274CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability (Severity: MEDIUM)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0270https://security.paloaltonetworks.com/CVE-2026-0270PAN-SA-2026-0008 Chromium: Monthly Vulnerability Update (June 2026) (Severity: HIGH)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/PAN-SA-2026-0008https://security.paloaltonetworks.com/PAN-SA-2026-0008CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS (Severity: MEDIUM)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0267https://security.paloaltonetworks.com/CVE-2026-0267CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: LOW)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0266https://security.paloaltonetworks.com/CVE-2026-0266PAN-SA-2026-0009 Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION (Severity: INFORMATIONAL)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/PAN-SA-2026-0009https://security.paloaltonetworks.com/PAN-SA-2026-0009CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) (Severity: MEDIUM)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0272https://security.paloaltonetworks.com/CVE-2026-0272CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (Severity: MEDIUM)2026-06-10T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0269https://security.paloaltonetworks.com/CVE-2026-0269CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (Severity: HIGH)2026-06-03T05:45:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0257https://security.paloaltonetworks.com/CVE-2026-0257CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities (Severity: MEDIUM)2026-06-02T01:15:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0251https://security.paloaltonetworks.com/CVE-2026-0251CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: MEDIUM)2026-05-28T23:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0249https://security.paloaltonetworks.com/CVE-2026-0249CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (Severity: MEDIUM)2026-05-28T23:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0250https://security.paloaltonetworks.com/CVE-2026-0250CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability (Severity: MEDIUM)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0261https://security.paloaltonetworks.com/CVE-2026-0261CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (Severity: MEDIUM)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0259https://security.paloaltonetworks.com/CVE-2026-0259CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching (Severity: MEDIUM)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0258https://security.paloaltonetworks.com/CVE-2026-0258CVE-2026-0262 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing (Severity: MEDIUM)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0262https://security.paloaltonetworks.com/CVE-2026-0262CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (Severity: HIGH)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0263https://security.paloaltonetworks.com/CVE-2026-0263CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: MEDIUM)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0256https://security.paloaltonetworks.com/CVE-2026-0256CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (Severity: HIGH)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0265https://security.paloaltonetworks.com/CVE-2026-0265CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (Severity: HIGH)2026-05-28T21:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0264https://security.paloaltonetworks.com/CVE-2026-0264CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)2026-05-28T00:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0300https://security.paloaltonetworks.com/CVE-2026-0300CVE-2026-0247 Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities (Severity: MEDIUM)2026-05-13T16:00:00.000Zhttps://security.paloaltonetworks.com/CVE-2026-0247https://security.paloaltonetworks.com/CVE-2026-0247