366 matches found
VulnCheck KEV: CVE-2026-0257
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
Exploit for CVE-2026-0265
CVE-2026-0265 Vulnerability Assessment Tool Safely detect whe...
Exploit for CVE-2026-0265
CVE-2026-0265 Risk Checker for Palo Alto PAN-OS A Python script...
CVE-2026-0265
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower when...
CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticate...
EUVD-2026-30107
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
EUVD-2026-30108
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these vulnerabilities...
EUVD-2026-30103
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
CVE-2026-0262
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these vulnerabilities...
CVE-2026-0258
A server-side request forgery SSRF vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service DoS condition. Panorama, Cloud NGFW and...
CVE-2026-0256
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...
CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...
CVE-2026-0256
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...
CVE-2026-0256
CVE-2026-0256 describes a stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software that allows a malicious authenticated administrator to store a JavaScript payload via the web interface. Affected products include PAN-OS on PA-Series and VM-Series firewalls and Panora...
CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...
CVE-2026-0265
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower when...
CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
CVE-2026-0257
CVE-2026-0257 affects Palo Alto Networks PAN-OS GlobalProtect Portal and GlobalProtect Gateway (not Panorama/Cloud NGFW). The vulnerability is an authentication bypass (CWE-565) that can allow an unauthenticated attacker to bypass security restrictions and establish an unauthorized VPN connection...