Arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire Appliances
CVE-2026-0259

5MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Wildfire Wf-500 And Wf-500-b
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0259?

An arbitrary file read and delete vulnerability exists in Palo Alto Networks WildFire WF-500 and WF-500-B appliances, allowing unauthorized users to access sensitive information and remove files from the system. This issue arises when the appliances operate in their default non-FIPS configuration mode. Customers utilizing WildFire Public cloud services are not affected by this vulnerability. A software update is available to address this issue for on-premise users.

Affected Version(s)

WildFire WF-500 and WF-500-B 12.1.0 < 12.1.7, 12.1.4-h5

WildFire WF-500 and WF-500-B 11.2.0 < 11.2.11,11.2.7-h7

WildFire WF-500 and WF-500-B 11.1.0 < 11.1.13,11.1.10-h8

References

https://security.paloaltonetworks.com/CVE-2026-0259

vendor-advisory

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0259 Data

JSON