Security.Paloaltonetworks
Critical Buffer Overflow Vulnerabilities in PAN-OS Affecting Firewalls
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Palo Alto Networks disclosed two critical buffer overflow vulnerabilities in PAN-OS on May 13, 2026. CVE-2026-0264 allows unauthenticated attackers to cause a denial of service or execute arbitrary code on PA-Series hardware. CVE-2026-0263 also enables remote code execution with elevated privileges via IKEv2 processing. Both vulnerabilities require specific configurations to be exploitable, including enabled DNS Proxy or IKEv2 VPN tunnels with Post Quantum Cryptography. The risk is highest for PA-Series hardware, while Panorama, Cloud NGFW, and Prisma Access are unaffected. Palo Alto Networks has not reported any known exploitation of these vulnerabilities. Users are advised to upgrade to the latest PAN-OS versions to mitigate risks.
Key Points: • CVE-2026-0264 allows DoS or arbitrary code execution on PA-Series hardware. • CVE-2026-0263 enables remote code execution via IKEv2 processing. • Both vulnerabilities are not exploitable on Panorama, Cloud NGFW, or Prisma Access.