CVE-2026-0262
published 2026-05-13CVE-2026-0262: Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of…
PriorityP342medium6.6CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUNRUVCREMUAmber
EPSS
0.34%
25.6th percentile
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic.
Panorama and Cloud NGFW are not impacted by these vulnerabilities.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 | 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 | 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 | 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 |
| palo_alto_networks | pan-os | >= 12.1.0 < 12.1.7, 12.1.4-h5 | 12.1.7, 12.1.4-h5 |
| palo_alto_networks | prisma_access | >= 10.2.0 < 10.2.10-h36 | 10.2.10-h36 |
| palo_alto_networks | prisma_access | >= 11.2.0 < 11.2.7-h13 | 11.2.7-h13 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing
vendor_paloalto·CVSS 6.6
CVE-2026-0262 [MEDIUM] CWE-754 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing
PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to a dataplane interface.
Panorama and Cloud NGFW are not impacted by these vulnerabilities.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: VERSION MINOR VERSION SUGGESTED SOLUTION
Cloud NGFW No action needed
PAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.
12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.
PAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.
11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.
11.2.5 through 11.2.7
GHSA
GHSA-3mc4-hxgv-pc7g: Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a den
ghsa_unreviewed·2026-05-13
CVE-2026-0262 [MEDIUM] CWE-754 GHSA-3mc4-hxgv-pc7g: Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a den
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic.
Panorama and Cloud NGFW are not impacted by these vulnerabilities.
VulDB
Palo Alto Cloud NGFW/PAN-OS/Prisma Access unusual condition (EUVD-2026-30108)
vuldb·2026-05-13·CVSS 6.6
CVE-2026-0262 [MEDIUM] Palo Alto Cloud NGFW/PAN-OS/Prisma Access unusual condition (EUVD-2026-30108)
A vulnerability identified as critical has been detected in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. Impacted is an unknown function. Performing a manipulation results in improper check for unusual conditions.
This vulnerability is reported as CVE-2026-0262. The attack is possible to be carried out remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-13
Published