Multiple Vulnerabilities in Palo Alto Networks PAN-OS Disclosed

Multiple Vulnerabilities in Palo Alto Networks PAN-OS Disclosed

First seen 9 Jul 2026, 00:48 UTC Security.Paloaltonetworkssecurity.paloaltonetworks.comcwe.mitre.orgcapec.mitre.org 84% similarity 58.5

Article Content

Browse articles
ThreatCluster

Palo Alto Networks disclosed several vulnerabilities in its PAN-OS software, including CVE-2026-0288, a buffer overflow issue that allows unauthenticated attackers to execute arbitrary code or cause denial of service. Other vulnerabilities include CVE-2026-0280, which enables bypassing firewall security policies, and CVE-2026-0281, which allows information disclosure through the management web interface. The vulnerabilities affect various PAN-OS versions and components, including PA-Series and VM-Series firewalls, with some issues requiring user interaction. Palo Alto Networks is set to upgrade all affected customers during scheduled maintenance, and users are advised to restrict access to trusted internal IP addresses to mitigate risks. No active exploitation has been reported for these vulnerabilities.

Key Points: • CVE-2026-0288 allows unauthenticated attackers to exploit buffer overflow vulnerabilities. • CVE-2026-0280 enables bypassing firewall security policies for IPv6 traffic. • Palo Alto Networks will upgrade affected systems during scheduled maintenance.

ThreatCluster AI

Timeline

2026-07-08
CVE-2026-0288 published
Palo Alto Networks disclosed buffer overflow vulnerabilities in PAN-OS affecting User-ID TSA.
Security.Paloaltonetworks
2026-07-09
CVE-2026-0280 and CVE-2026-0281 published
Palo Alto Networks disclosed vulnerabilities allowing firewall policy bypass and information disclosure.
security.paloaltonetworks.com
2026-07-09
CVE-2026-0282 published
A file deletion vulnerability in PAN-OS was disclosed, allowing unauthenticated access to delete files.
security.paloaltonetworks.com

Community

Browse all →