CVE-2026-0258
Published 2026-05-13
Priority: P4 · 29 · Severity: medium · CVSS 4.0 base score: 4.8
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Amber
EPSS: 0.32% (23.4th percentile)
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 | 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 | 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 | 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 |
| palo_alto_networks | pan-os | >= 12.1.0 < 12.1.7, 12.1.4-h5 | 12.1.7, 12.1.4-h5 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
GHSA
GHSA-xpv6-xwmp-4m43 · ghsa_unreviewed · 2026-05-13 · CVE-2026-0258 · MEDIUM · CWE-918
VulDB
Palo Alto Cloud NGFW/PAN-OS/Prisma Access IKEv2 server-side request forgery (EUVD-2026-30105)
vuldb · 2026-05-13 · CVE-2026-0258 · MEDIUM · CVSS 4.8
A vulnerability, which was classified as critical, has been found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. An unknown function of the IKEv2 Handler component is impacted. The manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-0258. Remote exploitation of the attack is possible. No exploit is available.
Palo Alto
PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching
vendor_paloalto · CVE-2026-0258 · MEDIUM · CWE-918 · CVSS 4.8
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution:
| Version | Minor version | Suggested solution |
|---|---|---|
| Cloud NGFW | | No action needed |
| PAN-OS 12.1 | 12.1.5 through 12.1.6 | Upgrade to 12.1.7 or later. |
| | 12.1.2 through 12.1.4-h* | Upgrade to 12.1.4-h5 or 12.1.7 or later. |
| PAN-OS 11.2 | 11.2.11 or later | Upgrade to 11.2.12 or later. |
| | 11.2.8 through 11.2.10-h* | Upgrade to 11.2.10- |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.