Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (CVE-2026-0274)
critical
active · Vendor advisory · CVE-2026-0274
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
Prisma Access Agent: Local Privilege Escalation by Authorized Users (CVE-2026-0271)
high
active · Vendor advisory · CVE-2026-0271
A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.
This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) (CVE-2026-0272)
high
active · Vendor advisory · CVE-2026-0272
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI (CVE-2026-0273)
high
active · Vendor advisory · CVE-2026-0273
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (CVE-2026-0269)
medium
watch · Vendor advisory · CVE-2026-0269
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (CVE-2026-0268)
medium
watch · Vendor advisory · CVE-2026-0268
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.
This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (CVE-2026-0266)
medium
watch · Vendor advisory · CVE-2026-0266
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
GlobalProtect App: Information Exposure Vulnerability on macOS (CVE-2026-0267)
medium
watch · Vendor advisory · CVE-2026-0267
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION (PAN-SA-2026-0009)
informational
watchVendor advisory
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (CVE-2026-0264)
critical
active · Vendor advisory · CVE-2026-0264
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (CVE-2026-0263)
critical
active · Vendor advisory · CVE-2026-0263
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (CVE-2026-0265)
critical
active · Vendor advisory · CVE-2026-0265
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (CVE-2026-0250)
high
active · Vendor advisory · CVE-2026-0250
A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.
The GlobalProtect app on iOS is not affected.
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.
WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (CVE-2026-0259)
high
active · Vendor advisory · CVE-2026-0259
An arbitrary file read and delete vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.
The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing.
Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.
The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20
idira secrets manager edge
CRITICAL · CVE-2026-45177
Watch
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 0.5% EPSS.
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Prisma Browser
critical
High
No EPSS.
Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (CVE-2026-0274)
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
Cortex XSIAM CommvaultSecurityIQ Marketplace
critical · CVE-2026-0274
High
0.3% EPSS.
Prisma Access Agent: Local Privilege Escalation by Authorized Users (CVE-2026-0271)
A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.
This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
Prisma Access Agent
high · CVE-2026-0271
High
0.1% EPSS.
PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) (CVE-2026-0272)
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
Cloud NGFW
high · CVE-2026-0272
High
0.2% EPSS.
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
Cortex XSOAR
high · CVE-2026-0270
High
0.2% EPSS.
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI (CVE-2026-0273)
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Cloud NGFW
high · CVE-2026-0273
High
1.2% EPSS.
PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (CVE-2026-0269)
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Cloud NGFW
medium · CVE-2026-0269
Watch
0.2% EPSS.
Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (CVE-2026-0268)
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.
This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
Prisma Access Agent
medium · CVE-2026-0268
Watch
0.1% EPSS.
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (CVE-2026-0266)
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Cloud NGFW
medium · CVE-2026-0266
Watch
0.2% EPSS.
GlobalProtect App: Information Exposure Vulnerability on macOS (CVE-2026-0267)
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
GlobalProtect App
medium · CVE-2026-0267
Watch
0.1% EPSS.
Informational Bulletin: Impact assessment of OSS CVEs in Prisma SD-WAN ION (PAN-SA-2026-0009)
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the affected OSS package, Prisma SD-WAN ION does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.
Prisma SD-WAN ION
informational
Watch
No EPSS.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
PAN-OS
critical · CVE-2026-0257
Critical
86.7% EPSS.
PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution (CVE-2026-0264)
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Cloud NGFW
critical · CVE-2026-0264
High
0.4% EPSS.
PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (CVE-2026-0263)
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.
Cloud NGFW
critical · CVE-2026-0263
High
0.3% EPSS.
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled (CVE-2026-0265)
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.
The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
Cloud NGFW
critical · CVE-2026-0265
High
0.4% EPSS.
GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (CVE-2026-0250)
A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway.
The GlobalProtect app on iOS is not affected.
GlobalProtect App
high · CVE-2026-0250
High
0.2% EPSS.
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.
Cloud NGFW
high · CVE-2026-0258
High
0.3% EPSS.
WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (CVE-2026-0259)
An arbitrary file read and delete vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.
The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing.
Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
WildFire WF-500 and WF-500-B
high · CVE-2026-0259
High
0.3% EPSS.
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software.
The GlobalProtect app on Linux, Windows, iOS and GlobalProtect UWP app are not affected.
GlobalProtect App
high · CVE-2026-0249
High
0.1% EPSS.
The Palo Alto Networks watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
Confirm whether recent Palo Alto Networks activity overlaps with your environment.
Prioritize advisories by MSP-relevance score, severity, and status.
Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.
At a glance
Tracked: 96
Active: 57
Featured: 65
Unique CVEs: 18
Most recent entry: Jun 11, 2026, 2:16 PM
Feed refreshes daily · 5:15 a.m. Central
Sources: Palo Alto Networks security advisories JSON, CISA KEV, and NVD
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
It is the Palo Alto Networks-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
How should teams use the Palo Alto Networks watch page?
Use it to confirm whether current Palo Alto Networks issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Can ITECS help respond to Palo Alto Networks security issues?
Yes. ITECS can help map Palo Alto Networks advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.