CVE-2026-0256
Published 2026-05-13
CVE-2026-0256: A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript…
Priority P4 · 22 · medium · 4.4 · CVSS 4.0
Vector: AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
EPSS: 0.28% (19.8th percentile)
A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.18-h6 | 10.2.18-h6 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.15 | 11.1.15 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.12 | 11.2.12 |
| palo_alto_networks | pan-os | >= 12.1.0 < 12.1.7 | 12.1.7 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
GHSA
GHSA-q845-rv2h-x553: A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a Ja
ghsa_unreviewed·2026-05-13
CVE-2026-0256 [MEDIUM] CWE-79 GHSA-q845-rv2h-x553: A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a Ja
VulDB
Palo Alto Cloud NGFW/PAN-OS/Prisma Access Web Interface cross site scripting (EUVD-2026-30103)
vuldb·2026-05-13·CVSS 4.4
CVE-2026-0256 [MEDIUM] Palo Alto Cloud NGFW/PAN-OS/Prisma Access Web Interface cross site scripting (EUVD-2026-30103)
A vulnerability described as problematic has been identified in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. Impacted is an unknown function of the component Web Interface. Executing a manipulation can lead to cross site scripting.
This vulnerability is handled as CVE-2026-0256. The attack can be executed remotely. There is not any exploit available.
Palo Alto
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
vendor_paloalto·CVSS 4.4
CVE-2026-0256 [MEDIUM] CWE-79 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution:
| Version | Minor version range | Suggested solution |
|---|---|---|
| Cloud NGFW | | No action needed. |
| PAN-OS 12.1 | 12.1.5 through 12.1.6 | Upgrade to 12.1.7 or later. |
| | 12.1.2 through 12.1.4-h* | Upgrade to 12.1.4-h5 or 12.1.7 or later. |
| PAN-OS 11.2 | 11.2.11 or later | Upgrade to 11.2.12 or later. |
| | 11.2.8 th | |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-13