Improper Certificate Validation in Palo Alto Networks Prisma SD-WAN ION
CVE-2026-0244

5.2MEDIUM

Key Information:

Vendor

Palo Alto Networks
Status
Prisma Sd-wan Ion
Vendor
CVE Published:
13 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-0244?

An improper certificate validation vulnerability exists in the Palo Alto Networks Prisma SD-WAN ION, allowing a man-in-the-middle (MitM) attacker to impersonate the controller. This vulnerability could lead to unauthorized access and manipulation of sensitive data by intercepting communications.

Affected Version(s)

Prisma SD-WAN ION 6.5.0 < 6.5.3-b15

Prisma SD-WAN ION 6.4.0 < 6.4.3-b8

Prisma SD-WAN ION 6.3.0 < 6.3.6-b10

References

https://security.paloaltonetworks.com/CVE-2026-0244
vendor-advisory

CVSS V4

Score:
5.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.
.