Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Palo Alto Networks — Vulnerabilities & Security Advisories 307

Browse all 307 CVE security advisories affecting Palo Alto Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palo Alto Networks operates as a prominent cybersecurity vendor, primarily providing next-generation firewalls, cloud security solutions, and endpoint protection platforms to enterprise clients. The company’s software ecosystem, particularly its PAN-OS operating system, has historically been associated with a significant volume of Common Vulnerabilities and Exposures, currently totaling 280 recorded instances. These vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or improper access controls within management interfaces. While the firm maintains a robust security posture through regular patching cycles and proactive threat intelligence integration, the high CVE count reflects the complexity of its extensive feature set and the broad attack surface inherent in critical infrastructure components. Major incidents have been limited, with most issues resolved via timely updates, though the sheer number of disclosed flaws underscores the challenges of securing large-scale, continuously updated network security appliances.

Top products by Palo Alto Networks: PAN-OS Cloud NGFW GlobalProtect App Cortex XDR Agent Cortex XSOAR Cortex XDR Broker VM Expedition Prisma Browser Prisma Access Agent Prisma Cloud Compute Trust Protection Foundation Global Protect Agent Prisma Access Browser Autonomous Digital Experience Manager Checkov by Prisma Cloud Bridgecrew Checkov Traps Prisma SD-WAN ION Palo Alto Networks PAN-OS Palo Alto Networks Expedition Cortex XDR Microsoft 365 Defender Pack Cortex XSOAR Microsoft Teams Marketplace Chronosphere Chronocollector User-ID Credential Agent Broker VM Prisma Cloud Compute Edition WildFire WF-500 and WF-500-B Prisma SD-WAN PAN-OS OpenConfig Plugin ActiveMQ Content Pack
CVE IDTitleCVSSSeverityPublished
CVE-2026-0243 Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet — Prisma SD-WAN IONCWE-606--2026-05-13
CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability — Prisma Access AgentCWE-295--2026-05-13
CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability — Trust Protection FoundationCWE-89--2026-05-13
CVE-2026-0244 Prisma SD-WAN: Improper Certificate Validation Vulnerability — Prisma SD-WAN IONCWE-295--2026-05-13
CVE-2026-0241 Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities — Trust Protection FoundationCWE-754--2026-05-13
CVE-2026-0245 Prisma Access Agent: Information Disclosure Vulnerabilities — Prisma Access AgentCWE-200--2026-05-13
CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability — Trust Protection FoundationCWE-497--2026-05-13
CVE-2026-0246 Prisma Access Agent: Local Privilege Escalation Vulnerability — Prisma Access AgentCWE-862--2026-05-13
CVE-2026-0247 Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities — Prisma Access AgentCWE-306--2026-05-13
CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities — GlobalProtect AppCWE-295--2026-05-13
CVE-2026-0239 Chronosphere Chronocollector Information Disclosure Vulnerability — Chronosphere ChronocollectorCWE-497--2026-05-13
CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway — GlobalProtect AppCWE-787--2026-05-13
CVE-2026-0238 Broker VM: Improper Input Validation in Broker VM Certificate and Key Fields — Broker VMCWE-20--2026-05-13
CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities — GlobalProtect AppCWE-426--2026-05-13
CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface — Cloud NGFWCWE-79--2026-05-13
CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities — Cloud NGFWCWE-565--2026-05-13
CVE-2026-0235 Prisma Browser: Access and Data Rule Bypass — Prisma BrowserCWE-754--2026-05-13
CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching — Cloud NGFWCWE-918--2026-05-13
CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) — WildFire WF-500 and WF-500-BCWE-73--2026-05-13
CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability — Cloud NGFWCWE-78--2026-05-13
CVE-2026-0236 Prisma Browser: Code Injection Enables Security Controls Bypass — Prisma BrowserCWE-94--2026-05-13
CVE-2026-0262 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing — Cloud NGFWCWE-754--2026-05-13
CVE-2026-0237 Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass — Prisma BrowserCWE-424--2026-05-13
CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing — Cloud NGFWCWE-787--2026-05-13
CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution — Cloud NGFWCWE-122--2026-05-13
CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled — Cloud NGFWCWE-347--2026-05-13
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal — Cloud NGFWCWE-787 9.8AICriticalAI2026-05-06
CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows — Cortex XDR AgentCWE-15 6.0 -2026-04-13
CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate — Autonomous Digital Experience ManagerCWE-295 8.8 -2026-04-13
CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration — Cortex XSOAR Microsoft Teams MarketplaceCWE-347 9.1 -2026-04-13

This page lists every published CVE security advisory associated with Palo Alto Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.