Buffer Overflow Vulnerability in PAN-OS Software by Palo Alto Networks
CVE-2026-0263

7.2 HIGH

Key Information:

Vendor
CVE Published: 13 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-0263?

A buffer overflow vulnerability has been identified in the IKEv2 processing of Palo Alto Networks PAN-OS software. The flaw allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall. It can also lead to a denial of service (DoS) condition, disrupting critical network operations. Affected users should apply the necessary patches. Panorama, Cloud NGFW, and Prisma® Access are not affected.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.7, 12.1.4-h5

PAN-OS 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17

PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

our internal security research teams.