
[CIVN-2026-0360] Multiple Vulnerabilities in PAN-OS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in PAN-OS
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
PAN-OS 12.1 versions prior to 12.1.8
PAN-OS 11.2 versions prior to 11.2.13
PAN-OS 11.1 versions prior to 11.1.16
PAN-OS 10.2 all versions
Prisma Access Agent versions 24.0 through 26.2.0 on Windows
Prisma Access Agent versions prior to the applicable fixed release on iOS
Cortex XDR Broker VM versions prior to the applicable fixed releases
Prisma Browser versions prior to the applicable fixed releases
User-ID Terminal Server Agent versions prior to the applicable fixed releases
Overview
Multiple vulnerabilities exist in PAN-OS that could allow an attacker to bypass authentication and security controls, execute arbitrary commands, access sensitive information, perform cross-site scripting (XSS) attacks, manipulate protected resources, disrupt system availability or compromise affected systems.
Target Audience:
All organizations and administrators using affected PAN-OS deployments and associated Palo Alto Networks products.
Risk Assessment:
High risk of unauthorized access, arbitrary command execution, security control bypass, and compromise of affected PAN-OS deployments.
Impact Assessment:
Potential for arbitrary command execution, unauthorized access to sensitive information, security control bypass, privilege escalation, and compromise of affected systems.
Description
PAN-OS is the operating system that powers Palo Alto Networks next-generation firewalls and provides advanced network security and threat prevention capabilities.
These vulnerabilities exist in PAN-OS due to improper input validation, missing authentication, command injection, XML injection, server-side request forgery (SSRF), improper access control, information disclosure, and improper neutralization of user-supplied input.
Successful exploitation could allow a remote attacker to execute arbitrary commands, bypass authentication or security controls, obtain sensitive information, perform cross-site scripting (XSS), delete files, cause denial of service, or otherwise compromise the confidentiality, integrity and availability of the affected systems.
Solution
Apply appropriate security updates and mitigations as mentioned in
https://security.paloaltonetworks.com/CVE-2026-0276
https://security.paloaltonetworks.com/CVE-2026-0277
https://security.paloaltonetworks.com/CVE-2026-0278
https://security.paloaltonetworks.com/CVE-2026-0279
https://security.paloaltonetworks.com/CVE-2026-0280
https://security.paloaltonetworks.com/CVE-2026-0281
https://security.paloaltonetworks.com/CVE-2026-0282
https://security.paloaltonetworks.com/CVE-2026-0283
https://security.paloaltonetworks.com/CVE-2026-0284
https://security.paloaltonetworks.com/CVE-2026-0285
https://security.paloaltonetworks.com/CVE-2026-0286
https://security.paloaltonetworks.com/CVE-2026-0287
https://security.paloaltonetworks.com/CVE-2026-0288
Vendor Information
Palo Alto Networks
https://www.paloaltonetworks.com/
References
https://security.paloaltonetworks.com/CVE-2026-0276
https://security.paloaltonetworks.com/CVE-2026-0277
https://security.paloaltonetworks.com/CVE-2026-0278
https://security.paloaltonetworks.com/CVE-2026-0279
https://security.paloaltonetworks.com/CVE-2026-0280
https://security.paloaltonetworks.com/CVE-2026-0281
https://security.paloaltonetworks.com/CVE-2026-0282
https://security.paloaltonetworks.com/CVE-2026-0283
https://security.paloaltonetworks.com/CVE-2026-0284
https://security.paloaltonetworks.com/CVE-2026-0285
https://security.paloaltonetworks.com/CVE-2026-0286
https://security.paloaltonetworks.com/CVE-2026-0287
https://security.paloaltonetworks.com/CVE-2026-0288
CVE Name
CVE-2026-0276
CVE-2026-0277
CVE-2026-0278
CVE-2026-0279
CVE-2026-0280
CVE-2026-0281
CVE-2026-0282
CVE-2026-0283
CVE-2026-0284
CVE-2026-0285
CVE-2026-0286
CVE-2026-0287
CVE-2026-0288
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpRAJEACgkQ3jCgcSdc
ys+o9g/5Ae8ZVPh5EVBn9bkmdmCPJjFwnWajQp7lnmvqyGd3Lud+iXqr51jjtUM3
zHfChbX9mUdqnRVi3cUQAa9AuEZm2NvCXhXjoQVur1v8MIy/j3yyVlYBeDtpjXgq
iy7CKUtNwcMa6MBdb68Kev20heWe5/wP79Sdq2pM6C3g99f1HIG97W4oL8D7HWHB
Z51EJNzEad97YMbo11wqRiXkbHDakNd3OPT5uDXJvtgbUlO2RsHoIZFWhGvX1emk
MEfg2XR69voB0DLpj7XlC8uRsdgF2JzXeT9XfGldQTxJ3k5gwLBUGi9yQrbQAmMq
G3SU8gQhO3mw/gdCtxG2z3tzUAbdlNAFLc1VyJBZwz+FlHjAs0li4KXmPbYBlPdl
PVYzAlwiMmWVDg7eh9Jd+zbBB4AzTATiOURBjV+6G9n9hjFAC/KJQJAayHfVwOMk
jjDMhnlqPLhsbxH4ryXS0FeB7CQ1T8w+g99zz1nol5aeSXSgfSLTj8T4REOS2T1a
Oa2mFHJHHZJSGDZy2zv96yXI+egjjNV9ZOXizIypb/Q5FwuJqgu3HM884KI/NUWs
3YU5p+Ce6eMmmYC3eZrZu0sXgP+Rx5MBcV064/bwBYK/TCsMwe6C7aRF/ndQY2I7
8xTNQQ5VwSs/j42VYu7TyS3I1J8YU3NaJrk2v4UnIYX83YdlDzQ=
=j/bo
—–END PGP SIGNATURE—–


