Palo Alto Networks PAN-OS vulnerabilities

158 known vulnerabilities affecting palo_alto_networks/pan-os.

Total CVEs: 158
CISA KEV: 8 (actively exploited)
Public exploits: 7
Exploited in wild: 6
Severity breakdown: CRITICAL 11, HIGH 65, MEDIUM 71, LOW 11

Vulnerabilities

Page 1 of 8
CVE-2026-0229 | MEDIUM | CVSS 6.6 | Published 2026-02-11
Affected: ≥ 12.1.0, < 12.1.4; ≥ 11.2.0, < 11.2.10
CWE-754: A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Cloud NGFW and Prisma Access® are not impact
Sources: cvelistv5, nvd

CVE-2026-0228 | LOW | CVSS 1.3 | Published 2026-02-11
Affected: ≥ 11.2.0, < 11.2.8; ≥ 11.1.0, < 11.1.11; +1 more
CWE-295: An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Sources: cvelistv5, nvd

CVE-2026-0227 | MEDIUM | CVSS 6.6 | Published 2026-01-15
Affected: ≥ 12.1.2, < 12.1.4, 12.1.3-h3; ≥ 11.2.0, < 11.2.10-h2, 11.2.7-h8, 11.2.4-h15; +3 more
CWE-754: A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.
Sources: cvelistv5, nvd

CVE-2025-4619 | MEDIUM | CVSS 6.6 | Published 2025-11-13
Affected: ≥ 11.2.0, < 11.2.5; ≥ 11.1.0, < 11.1.7; +1 more
CWE-754: A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. This issue is applicable to the PAN-OS software versions listed below
Sources: cvelistv5, nvd

CVE-2025-4615 | MEDIUM | CVSS 5.5 | Published 2025-10-09
Affected: ≥ 11.2.0, < 11.2.8; ≥ 11.1.0, < 11.1.4-h27; +1 more
CWE-83: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrator
Sources: cvelistv5, nvd

CVE-2025-4614 | MEDIUM | CVSS 4.8 | Published 2025-10-09
Affected: ≥ 11.2.0, < 11.2.8; ≥ 11.1.0, < 11.1.12; +1 more
CWE-497: An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricte
Sources: cvelistv5, nvd

CVE-2025-2182 | MEDIUM | CVSS 5.6 | Published 2025-08-13
Affected: ≥ 11.2.0, < 11.2.8; ≥ 11.1.0, < 11.1.10
CWE-312: A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in an NGFW Cluster. There is
Sources: cvelistv5, nvd

CVE-2025-4231 | HIGH | CVSS 8.6 | Published 2025-06-13
Affected: ≥ 11.0.0, < 11.0.3; ≥ 10.2.0, < 10.2.8; +1 more
CWE-77: A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Sources: cvelistv5, nvd

CVE-2025-4230 | HIGH | CVSS 8.4 | Published 2025-06-13
Affected: ≥ 11.2.0, < 11.2.6; ≥ 11.1.0, < 11.1.10; +2 more
CWE-78: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this issue is significantly minimized when CLI access is restric
Sources: cvelistv5, nvd

CVE-2025-4229 | MEDIUM | CVSS 6.0 | Published 2025-06-13
Affected: ≥ 11.2.0, < 11.2.7; ≥ 11.1.0, < 11.1.10; +2 more
CWE-497: An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerabil
Sources: cvelistv5, nvd

CVE-2025-0130 | HIGH | CVSS 8.2 | Published 2025-05-14
Affected: ≥ 11.2.0, < 11.2.5; ≥ 11.1.0, < 11.1.6-h1
CWE-754: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mod
Sources: cvelistv5, nvd

CVE-2025-0136 | MEDIUM | CVSS 5.3 | Published 2025-05-14
Affected: ≥ 11.1.0, < 11.1.5; ≥ 11.0.0, < 11.0.7; +2 more
CWE-319: Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series
Sources: cvelistv5, nvd

CVE-2025-0137 | MEDIUM | CVSS 4.8 | Published 2025-05-14
Affected: ≥ 11.2.0, < 11.2.5; ≥ 11.1.0, < 11.1.8; +2 more
CWE-83: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You grea
Sources: cvelistv5, nvd

CVE-2025-0133 | LOW | CVSS 2.7 | PoC | Published 2025-05-14
Affected: ≥ 11.2.0, < 11.2.7; ≥ 11.1.0, < 11.1.6-h14; +2 more
CWE-79: A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credentia
Sources: cvelistv5, nvd

CVE-2025-0126 | HIGH | CVSS 8.3 | Published 2025-04-11
Affected: ≥ 11.2.0, < 11.2.3; ≥ 11.1.0, < 11.1.5; +3 more
CWE-384: When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. The SAML login for the PAN-OS® management interface is not
Sources: cvelistv5, nvd

CVE-2025-0128 | HIGH | CVSS 8.7 | Published 2025-04-11
Affected: ≥ 11.2.0, < 11.2.3; ≥ 11.1.0, < 11.1.5; +3 more
CWE-754: A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Cloud NGFW is
Sources: cvelistv5, nvd

CVE-2025-0127 | HIGH | CVSS 7.1 | Published 2025-04-11
Affected: ≥ 11.0.0, < 11.0.4; ≥ 10.2.0, < 10.2.9; +1 more
CWE-78: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this
Sources: cvelistv5, nvd

CVE-2025-0124 | MEDIUM | CVSS 5.1 | Published 2025-04-11
Affected: ≥ 11.2.0, < 11.2.1; ≥ 11.1.0, < 11.1.5; +3 more
CWE-73: An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the ma
Sources: cvelistv5, nvd

CVE-2025-0125 | MEDIUM | CVSS 6.9 | Published 2025-04-11
Affected: ≥ 11.2.0, < 11.2.5; ≥ 11.1.0, < 11.1.5; +3 more
CWE-83: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You grea
Sources: cvelistv5, nvd

CVE-2025-0123 | MEDIUM | CVSS 5.9 | Published 2025-04-11
Affected: ≥ 11.2.0, < 11.2.6; ≥ 11.1.0, < 11.1.8; +2 more
CWE-312: A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture) in decrypted HTTP/2 data streams traversing network interfaces on the fire
Sources: cvelistv5, nvd