CVE-2026-0264
published 2026-05-13
CVE-2026-0264: A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network…
Priority P3 · 52 · high · 7.2 (CVSS 4.0)
CVSS 4.0 vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red
EPSS: 0.41% (32.5th percentile)
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 | 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 | 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 | 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 |
| palo_alto_networks | pan-os | >= 12.1.0 < 12.1.7, 12.1.4-h5 | 12.1.7, 12.1.4-h5 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
GHSA
GHSA-99hw-j87x-3cgm: A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker wit
ghsa_unreviewed·2026-05-13
CVE-2026-0264 [HIGH] CWE-122 GHSA-99hw-j87x-3cgm: A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker wit
VulDB
Palo Alto Cloud NGFW/PAN-OS/Prisma Access DNS Proxy/DNS Server heap-based overflow (EUVD-2026-30065)
vuldb·2026-05-13·CVSS 7.2
CVE-2026-0264 [HIGH] Palo Alto Cloud NGFW/PAN-OS/Prisma Access DNS Proxy/DNS Server heap-based overflow (EUVD-2026-30065)
A vulnerability labeled as critical has been found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. Affected by this vulnerability is an unknown functionality of the component DNS Proxy/DNS Server. The manipulation results in heap-based buffer overflow.
This vulnerability is known as CVE-2026-0264. It is possible to launch the attack remotely. No exploit is available.
Palo Alto
PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution
vendor_paloalto·CVSS 7.2
CVE-2026-0264 [HIGH] CWE-122 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution:
| Version | Minor version | Suggested solution |
|---|---|---|
| Cloud NGFW | | No action needed |
| PAN-OS 12.1 | 12.1.5 through 12.1.6 | Upgrade to 12.1.7 or later. |
| | 12.1.2 through 12.1.4-h* | Upgrad |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-13