Command Injection Vulnerabilities in Palo Alto Networks PAN-OS Software
CVE-2026-0261

5.7MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os; Prisma Access
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0261?

Multiple command injection vulnerabilities exist in Palo Alto Networks PAN-OS software that can be exploited by an authenticated administrator. This can lead to unauthorized command execution as a root user. To mitigate this risk, it is crucial to limit CLI access to a trusted group of administrators and restrict access to the management web interface to secure internal IP addresses. This vulnerability is relevant for PAN-OS on PA-Series and VM-Series firewalls, as well as Panorama models. It's important to note that Cloud NGFW and Prisma Access services are not affected by these vulnerabilities.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.7, 12.1.4-h5

PAN-OS 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17

PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

References

https://security.paloaltonetworks.com/CVE-2026-0261

vendor-advisory

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0261 Data

JSON