
[CIVN-2026-0302] Multiple vulnerabilities in Palo Alto Networks
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
Cortex XSIAM and XSOAR CommvaultSecurityIQ Marketplace versions 1.1.0 through 1.1.9
PAN-OS 12.1, 11.2, 11.1 and 10.2 versions prior to the applicable fixed releases
GlobalProtect App 6.3 versions prior to 6.3.3-h1 on macOS
GlobalProtect App 6.2 versions prior to 6.2.8-h2 on macOS
Prisma Access Agent versions 25.7 through 26.2.0 on Linux
Cortex XSOAR 8.13 versions prior to 8.13.0.11 on Linux
Cortex XSOAR 8.12, 8.11 and 8.10 all versions
Overview
Multiple vulnerabilities exist in Palo Alto Networks products that could allow an attacker to bypass security controls, gain elevated privileges, execute arbitrary commands or code, access sensitive information, manipulate protected resources or files, perform cross-site scripting (XSS) attacks, disrupt system availability through reboot conditions, or route network traffic outside the intended VPN tunnel.
Target Audience:
All organizations and administrators using affected Palo Alto Networks products.
Risk Assessment:
High risk of unauthorized access, privilege escalation, arbitrary command or code execution, information disclosure, security control bypass, unauthorized file manipulation, cross-site scripting (XSS), VPN traffic bypass, and service disruption.
Impact Assessment:
Unauthorized access to sensitive information, arbitrary code execution, manipulation of protected resources and files, disruption of service, bypass of VPN security controls, exposure of confidential data, and full system compromise.
Description
These vulnerabilities exist in Palo Alto Networks products due to improper input validation, insufficient credential validation, inadequate access controls, memory corruption, path traversal, command injection, privilege management flaws, information exposure, and security control bypass issues.
Successful exploitation of these vulnerabilities could allow an attacker to bypass security controls, gain elevated privileges, execute arbitrary commands or code, access sensitive information, manipulate protected resources or files, perform cross-site scripting (XSS) attacks, disrupt system availability through reboot conditions, or route network traffic outside the intended VPN tunnel.
Solution
Apply appropriate security updates as mentioned in:
https://security.paloaltonetworks.com/CVE-2026-0274
https://security.paloaltonetworks.com/CVE-2026-0273
https://security.paloaltonetworks.com/CVE-2026-0272
https://security.paloaltonetworks.com/CVE-2026-0271
https://security.paloaltonetworks.com/CVE-2026-0270
https://security.paloaltonetworks.com/CVE-2026-0269
https://security.paloaltonetworks.com/CVE-2026-0268
https://security.paloaltonetworks.com/CVE-2026-0267
https://security.paloaltonetworks.com/CVE-2026-0266
Vendor Information
Palo Alto Networks
https://www.paloaltonetworks.com/
CVE Name
CVE-2026-0266
CVE-2026-0267
CVE-2026-0268
CVE-2026-0269
CVE-2026-0270
CVE-2026-0271
CVE-2026-0272
CVE-2026-0273
CVE-2026-0274
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


