Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

🗓️ 10 Jun 2026 00:00:00Reported by TenableType

PAN-OS versions 10.2, 11.1, 11.2, and 12.1 allow reboot via a crafted packet, triggering maintenance mode.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2026-0269	10 Jun 202619:03	–	circl
CNNVD	Palo Alto Networks PAN-OS 代码问题漏洞	10 Jun 202600:00	–	cnnvd
CVE	CVE-2026-0269	10 Jun 202620:54	–	cve
Cvelist	CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing	10 Jun 202620:54	–	cvelist
EUVD	EUVD-2026-36145	11 Jun 202600:32	–	euvd
NVD	CVE-2026-0269	10 Jun 202622:16	–	nvd
Positive Technologies	PT-2026-48486	10 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing	10 Jun 202620:54	–	vulnrichment

Source	Link
security	www.security.paloaltonetworks.com/CVE-2026-0269
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320381);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/12");

  script_cve_id("CVE-2026-0269");
  script_xref(name:"IAVA", value:"2026-A-0592");

  script_name(english:"Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote PAN-OS host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x,
or 12.1.x. It is, therefore, affected by a vulnerability.

    A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS
    software allows an authenticated user to initiate system reboots using a maliciously crafted packet.
    Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.

    Panorama, Cloud NGFW, and Prisma Access are not impacted by this vulnerability.

Tenable has extracted the preceding description block directly from the PAN-OS security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2026-0269");
  script_set_attribute(attribute:"solution", value:
"Upgrade to a fixed version");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:N/R:A/V:D/RE:M/U:Amber");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-0269");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(754);

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/10");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version", "Host/Palo_Alto/Firewall/Source", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::palo_alto::initialize();

var app_name = 'Palo Alto Networks PAN-OS';

var app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var constraints = [
  { 'min_version' : '10.2.7', 'fixed_version' : '10.2.7-h34' },
  { 'min_version' : '10.2.10', 'fixed_version' : '10.2.10-h36' },
  { 'min_version' : '10.2.13', 'fixed_version' : '10.2.13-h21' },
  { 'min_version' : '10.2.16', 'fixed_version' : '10.2.16-h6', 'fixed_display' : '10.2.16-h6 / 10.2.18' },
  { 'min_version' : '11.1.4', 'fixed_version' : '11.1.4-h33' },
  { 'min_version' : '11.1.6', 'fixed_version' : '11.1.6-h21' },
  { 'min_version' : '11.1.10', 'fixed_version' : '11.1.10-h7', 'fixed_display' : '11.1.10-h7 / 11.1.12' },
  { 'min_version' : '11.2.4', 'fixed_version' : '11.2.4-h17' },
  { 'min_version' : '11.2.7', 'fixed_version' : '11.2.7-h4', 'fixed_display' : '11.2.7-h4 / 11.2.10' },
  { 'min_version' : '12.1.4', 'fixed_version' : '12.1.4-h5', 'fixed_display' : '12.1.4-h5 / 12.1.5' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

12 Jun 2026 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 46.9

EPSS0.00182

SSVC