The Palo Alto Networks watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
Confirm whether recent Palo Alto Networks activity overlaps with your environment.
Prioritize advisories by MSP-relevance score, severity, and status.
Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.
At a glance
Tracked: 49
Active: 30
Featured: 33
Unique CVEs: 11
Most recent entry: May 6, 2026, 2:16 PM
Feed refreshes daily · 5:15 a.m. Central
Sources: Palo Alto Networks security advisories JSON, CISA KEV, and NVD
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Recent Palo Alto Networks watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
pan-os vulnerability (CVE-2026-0300)
CRITICAL
active · CISA KEV · CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (CVE-2026-0234)
critical
active · Vendor advisory · CVE-2026-0234
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
Autonomous Digital Experience Manager: Improper validation of ADEM certificate (CVE-2026-0233)
high
active · Vendor advisory · CVE-2026-0233
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Cortex XDR Agent: Local Administrator can disable the agent on Windows (CVE-2026-0232)
medium
watch · Vendor advisory · CVE-2026-0232
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (PAN-SA-2026-0005)
informational
watch · Vendor advisory
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. These CVEs were determined to have no impact on PAN-OS, but they have been fixed out of an abundance of caution.
Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (PAN-SA-2026-0006)
informational
watch · Vendor advisory
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability (CVE-2026-0231)
high
active · Vendor advisory · CVE-2026-0231
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and modifying any configuration setting.
The attacker must have network access to the Broker VM to exploit this issue.
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Cortex XDR Agent: Local Administrator can disable the agent on macOS (CVE-2026-0230)
medium
watch · Vendor advisory · CVE-2026-0230
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
PAN-OS: Denial of Service in Advanced DNS Security Feature (CVE-2026-0229)
high
active · Vendor advisory · CVE-2026-0229
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.
Panorama, Cloud NGFW, and Prisma Access® are not impacted by this vulnerability.
PAN-OS: Improper Validation of Terminal Server Agent Certificate (CVE-2026-0228)
medium
watch · Vendor advisory · CVE-2026-0228
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (CVE-2026-0227)
high
active · Vendor advisory · CVE-2026-0227
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets (CVE-2025-4619)
high
active · Vendor advisory · CVE-2025-4619
A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.
This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW.
We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process.
Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025) (PAN-SA-2025-0018)
high
active · Vendor advisory
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION (PAN-SA-2025-0017)
informational
watch · Vendor advisory
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
PAN-OS: Improper Neutralization of Input in the Management Web Interface (CVE-2025-4615)
medium
watch · Vendor advisory · CVE-2025-4615
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
pan-os
CRITICAL · CVE-2026-0300
Priority: Critical · EPSS: 5.3%
Priority score blends severity, KEV, recency, source signal, and EPSS where available.
Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (CVE-2026-0234)
Cortex XSOAR Microsoft Teams Marketplace
critical · CVE-2026-0234
Priority: High · EPSS: 0.0%
Autonomous Digital Experience Manager: Improper validation of ADEM certificate (CVE-2026-0233)
Autonomous Digital Experience Manager
high · CVE-2026-0233
Priority: High · EPSS: 0.0%
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Prisma Browser
high
Priority: High · No EPSS
Cortex XDR Agent: Local Administrator can disable the agent on Windows (CVE-2026-0232)
Cortex XDR Agent
medium · CVE-2026-0232
Priority: Watch · EPSS: 0.0%
Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (PAN-SA-2026-0005)
PAN-OS
informational
Priority: Watch · No EPSS
Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (PAN-SA-2026-0006)
PAN-OS
informational
Priority: Watch · No EPSS
Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability (CVE-2026-0231)
Cortex XDR Broker VM
high · CVE-2026-0231
Priority: High · EPSS: 0.0%
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Prisma Browser
high
Priority: High · No EPSS
Cortex XDR Agent: Local Administrator can disable the agent on macOS (CVE-2026-0230)
Cortex XDR Agent
medium · CVE-2026-0230
Priority: Watch · EPSS: 0.0%
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Prisma Browser
critical
Priority: High · No EPSS
PAN-OS: Denial of Service in Advanced DNS Security Feature (CVE-2026-0229)
Cloud NGFW
high · CVE-2026-0229
Priority: High · EPSS: 0.0%
PAN-OS: Improper Validation of Terminal Server Agent Certificate (CVE-2026-0228)
Cloud NGFW
medium · CVE-2026-0228
Priority: Watch · EPSS: 0.0%
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Prisma Browser
high
Priority: High · No EPSS
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (CVE-2026-0227)
Cloud NGFW
high · CVE-2026-0227
Priority: High · EPSS: 0.0%
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets (CVE-2025-4619)
Cloud NGFW
high · CVE-2025-4619
Priority: High · EPSS: 0.1%
Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025) (PAN-SA-2025-0018)
Prisma Browser
high
Priority: High · No EPSS
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION (PAN-SA-2025-0017)
Prisma SD-WAN ION
informational
Priority: Watch · No EPSS
PAN-OS: Improper Neutralization of Input in the Management Web Interface (CVE-2025-4615)
Cloud NGFW
medium · CVE-2025-4615
Priority: Watch · EPSS: 0.1%
The Palo Alto Networks watch page is the Palo Alto Networks-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
How should teams use the Palo Alto Networks watch page?
Use it to confirm whether current Palo Alto Networks issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Can ITECS help respond to Palo Alto Networks security issues?
Yes. ITECS can help map Palo Alto Networks advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.