Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Palo Alto Networks — Vulnerabilities & Security Advisories 307

Browse all 307 CVE security advisories affecting Palo Alto Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palo Alto Networks operates as a prominent cybersecurity vendor, primarily providing next-generation firewalls, cloud security solutions, and endpoint protection platforms to enterprise clients. The company’s software ecosystem, particularly its PAN-OS operating system, has historically been associated with a significant volume of Common Vulnerabilities and Exposures, currently totaling 280 recorded instances. These vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or improper access controls within management interfaces. While the firm maintains a robust security posture through regular patching cycles and proactive threat intelligence integration, the high CVE count reflects the complexity of its extensive feature set and the broad attack surface inherent in critical infrastructure components. Major incidents have been limited, with most issues resolved via timely updates, though the sheer number of disclosed flaws underscores the challenges of securing large-scale, continuously updated network security appliances.

Found 31 results / 307Clear Filters
Top products by Palo Alto Networks: PAN-OS Cloud NGFW GlobalProtect App Cortex XDR Agent Cortex XSOAR Cortex XDR Broker VM Expedition Prisma Browser Prisma Access Agent Prisma Cloud Compute Trust Protection Foundation Global Protect Agent Prisma Access Browser Autonomous Digital Experience Manager Checkov by Prisma Cloud Bridgecrew Checkov Traps Prisma SD-WAN ION Palo Alto Networks PAN-OS Palo Alto Networks Expedition Cortex XDR Microsoft 365 Defender Pack Cortex XSOAR Microsoft Teams Marketplace Chronosphere Chronocollector User-ID Credential Agent Broker VM Prisma Cloud Compute Edition WildFire WF-500 and WF-500-B Prisma SD-WAN PAN-OS OpenConfig Plugin ActiveMQ Content Pack
CVE IDTitleCVSSSeverityPublished
CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities — GlobalProtect AppCWE-295--2026-05-13
CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway — GlobalProtect AppCWE-787--2026-05-13
CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities — GlobalProtect AppCWE-426--2026-05-13
CVE-2025-2183 GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation — GlobalProtect AppCWE-295 8.0AIHighAI2025-08-13
CVE-2025-2179 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App — GlobalProtect AppCWE-266 6.1AIMediumAI2025-07-29
CVE-2025-0141 GlobalProtect App: Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-426 7.8AIHighAI2025-07-09
CVE-2025-0140 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App — GlobalProtect AppCWE-266 7.1AIHighAI2025-07-09
CVE-2025-4227 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement — GlobalProtect AppCWE-319 4.6AIMediumAI2025-06-13
CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS — GlobalProtect AppCWE-155 7.8AIHighAI2025-06-12
CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App — GlobalProtect AppCWE-266 7.1AIHighAI2025-05-14
CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-250 7.0AIHighAI2025-04-11
CVE-2025-0118 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability — GlobalProtect AppCWE-618 8.8 -2025-03-12
CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-807 7.8 -2025-03-12
CVE-2024-5921 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation — GlobalProtect AppCWE-295 8.0AIHighAI2024-11-27
CVE-2024-9473 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-250 7.8AIHighAI2024-10-09
CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-732 7.8AIHighAI2024-08-14
CVE-2024-5908 GlobalProtect App: Encrypted Credential Exposure via Log Files — GlobalProtect AppCWE-532 5.5AIMediumAI2024-06-12
CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-269 4.5 Medium2024-03-13
CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect — GlobalProtect AppCWE-269 5.5 Medium2024-03-13
CVE-2023-0009 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability — GlobalProtect AppCWE-807 7.8 High2023-06-14
CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability — GlobalProtect appCWE-367 6.3 Medium2023-04-12
CVE-2022-0021 GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon — GlobalProtect AppCWE-532 3.3 Low2022-02-10
CVE-2022-0019 GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux — GlobalProtect AppCWE-522 4.7 Medium2022-02-10
CVE-2022-0018 GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled — GlobalProtect AppCWE-201 6.1 Medium2022-02-10
CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation — GlobalProtect AppCWE-59 7.0 High2022-02-10
CVE-2022-0016 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon — GlobalProtect AppCWE-703 7.4 High2022-02-10
CVE-2021-3057 GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway — GlobalProtect AppCWE-121 8.1 High2021-10-13
CVE-2021-3038 GlobalProtect App: Windows VPN kernel driver denial of service (DoS) — GlobalProtect AppCWE-20 5.5 Medium2021-04-20
CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie — GlobalProtect AppCWE-290 5.3 Medium2020-06-10
CVE-2020-2032 GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade — GlobalProtect AppCWE-367 7.0 High2020-06-10

This page lists every published CVE security advisory associated with Palo Alto Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.