PSIRT advisories for PAN-OS, Prisma, Cortex XDR/XSIAM/XSOAR, and adjacent managed security products.
Vendor watch hub
The Palo Alto Networkswatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Apr 8, 2026, 11:00 AM
Feed refreshes daily · 05:15 UTC
Sources·Palo Alto Networks security advisories JSON, CISA KEV, and NVD
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewAn improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. These CVEs were determined to have no impact on PAN-OS, but they have been fixed out of an abundance of caution.
Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broker VM to exploit this issue.
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.
Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama, Cloud NGFW, and Prisma Access® are not impacted by this vulnerability.
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.
Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process.
Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html * https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html * https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (CVE-2026-0234)An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources. Cortex XSOAR Microsoft Teams Marketplace | criticalCVE-2026-0234 Score 80 | active | Apr 8, 2026, 11:00 AM | Vendor advisoryOpen source |
Chromium: Monthly Vulnerability Update (April 2026) (PAN-SA-2026-0004)Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html Prisma Browser | highPAN-SA-2026-0004 Score 74 | active | Apr 8, 2026, 11:00 AM | Vendor advisoryOpen source |
Autonomous Digital Experience Manager: Improper validation of ADEM certificate (CVE-2026-0233)A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. Autonomous Digital Experience Manager | highCVE-2026-0233 Score 74 | active | Apr 8, 2026, 11:00 AM | Vendor advisoryOpen source |
Cortex XDR Agent: Local Administrator can disable the agent on Windows (CVE-2026-0232)A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection. Cortex XDR Agent | mediumCVE-2026-0232 Score 33 | watch | Apr 8, 2026, 11:00 AM | Vendor advisoryOpen source |
Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (PAN-SA-2026-0006)The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted. PAN-OS | informationalPAN-SA-2026-0006 Score 23 | watch | Apr 8, 2026, 11:00 AM | Vendor advisoryOpen source |
Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (PAN-SA-2026-0005)The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. These CVEs were determined to have no impact on PAN-OS, but they have been fixed out of an abundance of caution. PAN-OS | informationalPAN-SA-2026-0005 Score 23 | watch | Apr 8, 2026, 11:00 AM | Vendor advisoryOpen source |
Chromium: Monthly Vulnerability Update (March 2026) (PAN-SA-2026-0003)Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html Prisma Browser | highPAN-SA-2026-0003 Score 74 | active | Mar 11, 2026, 11:00 AM | Vendor advisoryOpen source |
Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability (CVE-2026-0231)An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broker VM to exploit this issue. Cortex XDR Broker VM | highCVE-2026-0231 Score 74 | active | Mar 11, 2026, 11:00 AM | Vendor advisoryOpen source |
Cortex XDR Agent: Local Administrator can disable the agent on macOS (CVE-2026-0230)A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection. Cortex XDR Agent | mediumCVE-2026-0230 Score 33 | watch | Mar 11, 2026, 11:00 AM | Vendor advisoryOpen source |
Chromium: Monthly Vulnerability Update (February 2026) (PAN-SA-2026-0002)Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html Prisma Browser | criticalPAN-SA-2026-0002 Score 80 | active | Feb 11, 2026, 11:00 AM | Vendor advisoryOpen source |
PAN-OS: Denial of Service in Advanced DNS Security Feature (CVE-2026-0229)A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama, Cloud NGFW, and Prisma Access® are not impacted by this vulnerability. Cloud NGFW | highCVE-2026-0229 Score 74 | active | Feb 11, 2026, 11:00 AM | Vendor advisoryOpen source |
PAN-OS: Improper Validation of Terminal Server Agent Certificate (CVE-2026-0228)An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. Cloud NGFW | mediumCVE-2026-0228 Score 33 | watch | Feb 11, 2026, 11:00 AM | Vendor advisoryOpen source |
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (CVE-2026-0227)A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode. Cloud NGFW | highCVE-2026-0227 Score 74 | active | Jan 14, 2026, 11:00 AM | Vendor advisoryOpen source |
Chromium: Monthly Vulnerability Update (January 2026) (PAN-SA-2026-0001)Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html Prisma Browser | highPAN-SA-2026-0001 Score 74 | active | Jan 14, 2026, 11:00 AM | Vendor advisoryOpen source |
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets (CVE-2025-4619)A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma® Access software. This issue does not affect Cloud NGFW. We have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process. Cloud NGFW | highCVE-2025-4619 Score 74 | active | Nov 12, 2025, 11:00 AM | Vendor advisoryOpen source |
Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025) (PAN-SA-2025-0018)Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html Prisma Browser | highPAN-SA-2025-0018 Score 74 | active | Nov 12, 2025, 11:00 AM | Vendor advisoryOpen source |
Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION (PAN-SA-2025-0017)The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted. Prisma SD-WAN ION | informationalPAN-SA-2025-0017 Score 23 | watch | Nov 2, 2025, 11:00 AM | Vendor advisoryOpen source |
Chromium: Monthly Vulnerability Update (October 2025) (PAN-SA-2025-0016)Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html * https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html * https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html Prisma Browser | highPAN-SA-2025-0016 Score 74 | active | Oct 8, 2025, 11:00 AM | Vendor advisoryOpen source |
PAN-OS: Session Token Disclosure Vulnerability (CVE-2025-4614)An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. Cloud NGFW | mediumCVE-2025-4614 Score 33 | watch | Oct 8, 2025, 11:00 AM | Vendor advisoryOpen source |
PAN-OS: Improper Neutralization of Input in the Management Web Interface (CVE-2025-4615)An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. Cloud NGFW | mediumCVE-2025-4615 Score 33 | watch | Oct 8, 2025, 11:00 AM | Vendor advisoryOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the managed firewall services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Palo Alto Networks-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Palo Alto Networks issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Palo Alto Networks advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.