Cross-Site Scripting Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2026-0266
What is CVE-2026-0266?
A cross-site scripting (XSS) vulnerability has been identified in Palo Alto Networks PAN-OS software. It allows a malicious authenticated administrator to inject a JavaScript payload via the web interface, potentially compromising the integrity of the affected system. The vulnerability affects PA-Series and VM-Series firewalls and the Panorama (virtual and M-Series) management platform. Cloud NGFW and Prisma® Access are not affected. Organizations using the affected products should assess their configurations and apply the necessary mitigations to protect against potential exploitation.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.5
PAN-OS 11.2.0 < 11.2.11
PAN-OS 11.1.0 < 11.1.14
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved