Palo Alto Networks threat watch

PSIRT advisories for PAN-OS, Prisma, Cortex XDR/XSIAM/XSOAR, and adjacent managed security products.

Watch items

Recent Palo Alto Networks watch items

Showing the 20 most recent items, newest first. Each row links to the official advisory.

20 rows · sorted newest first

Operations view

idira secrets manager edge vulnerability (CVE-2026-45177)

CRITICAL
watchNVDCVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20

Jun 11, 2026, 2:16 PMOfficial source

Chromium: Monthly Vulnerability Update (June 2026) (PAN-SA-2026-0008)

critical
activeVendor advisory

Palo Alto Networks incorporated the following Chromium security fixes into our products: * https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

Jun 10, 2026, 11:00 AMOfficial source

Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (CVE-2026-0274)

critical
activeVendor advisoryCVE-2026-0274

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

Jun 10, 2026, 11:00 AMOfficial source

Prisma Access Agent: Local Privilege Escalation by Authorized Users (CVE-2026-0271)

high
activeVendor advisoryCVE-2026-0271

A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.

Jun 10, 2026, 11:00 AMOfficial source

PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) (CVE-2026-0272)

high
activeVendor advisoryCVE-2026-0272

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Jun 10, 2026, 11:00 AMOfficial source

Cortex XSOAR: Path Traversal Vulnerability (CVE-2026-0270)

high
activeVendor advisoryCVE-2026-0270

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

Jun 10, 2026, 11:00 AMOfficial source

PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI (CVE-2026-0273)

high
activeVendor advisoryCVE-2026-0273

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Jun 10, 2026, 11:00 AMOfficial source

PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (CVE-2026-0269)

medium
watchVendor advisoryCVE-2026-0269

A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Jun 10, 2026, 11:00 AMOfficial source

Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (CVE-2026-0268)

medium
watchVendor advisoryCVE-2026-0268

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.

Jun 10, 2026, 11:00 AMOfficial source

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (CVE-2026-0266)

medium
watchVendor advisoryCVE-2026-0266

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Jun 10, 2026, 11:00 AMOfficial source

GlobalProtect App: Information Exposure Vulnerability on macOS (CVE-2026-0267)

medium
watchVendor advisoryCVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.

Jun 10, 2026, 11:00 AMOfficial source

Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION (PAN-SA-2026-0009)

informational
watchVendor advisory

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.

Jun 10, 2026, 11:00 AMOfficial source

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

critical
activeCISA KEVCVE-2026-0257

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

May 28, 2026, 7:00 PMOfficial source

PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (CVE-2026-0264)

critical
activeVendor advisoryCVE-2026-0264

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

May 13, 2026, 11:00 AMOfficial source

PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (CVE-2026-0263)

critical
activeVendor advisoryCVE-2026-0263

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.

May 13, 2026, 11:00 AMOfficial source

PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (CVE-2026-0265)

critical
activeVendor advisoryCVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

May 13, 2026, 11:00 AMOfficial source

GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (CVE-2026-0250)

high
activeVendor advisoryCVE-2026-0250

A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtect app on iOS is not affected.

May 13, 2026, 11:00 AMOfficial source

PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching (CVE-2026-0258)

high
activeVendor advisoryCVE-2026-0258

A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition. Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.

May 13, 2026, 11:00 AMOfficial source

WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (CVE-2026-0259)

high
activeVendor advisoryCVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing. Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.

May 13, 2026, 11:00 AMOfficial source

GlobalProtect App: Certificate Validation Bypass Vulnerabilities (CVE-2026-0249)

high
activeVendor advisoryCVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.

May 13, 2026, 11:00 AMOfficial source

Vendor watch hub

What this page covers

The Palo Alto Networkswatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.

  • Confirm whether recent Palo Alto Networks activity overlaps with your environment.
  • Prioritize advisories by MSP-relevance score, severity, and status.
  • Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.

At a glance

Tracked

96

Active

57

Featured

65

Unique CVEs

18

Most recent entry

Jun 11, 2026, 2:16 PM

Feed refreshes daily · 5:15 a.m. Central

Sources·Palo Alto Networks security advisories JSON, CISA KEV, and NVD

"Most recent entry" is the newest item the upstream feed has published — not our sync time.

Related vendors

Other security vendors in the radar

Vendor watch FAQ

Common questions

What is the Palo Alto Networks threat watch page?

It is the Palo Alto Networks-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Palo Alto Networks watch page?

Use it to confirm whether current Palo Alto Networks issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Palo Alto Networks security issues?

Yes. ITECS can help map Palo Alto Networks advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.