Denial of Service Vulnerability in Palo Alto Networks Prisma SD-WAN ION Devices
CVE-2026-0243

4.9MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Prisma Sd-wan Ion
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0243?

A vulnerability in Palo Alto Networks Prisma SD-WAN ION devices allows unauthenticated adversaries within the same network segment to disrupt service. By sending specially crafted IPv6 packets, attackers can exploit this flaw, leading to potential system unavailability. Organizations utilizing these devices should assess their network configurations to implement security measures that mitigate this risk.

Affected Version(s)

Prisma SD-WAN ION 6.5.0 < 25.3.3

Prisma SD-WAN ION 6.4.0 < 25.1.8

Prisma SD-WAN ION 6.3.0 < 24.3.6

References

https://security.paloaltonetworks.com/CVE-2026-0243

vendor-advisory

CVSS V4

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0243 Data

JSON