Multiple Cross Site Scripting Vulnerabilities in Palo Alto Networks PAN-OS Software
CVE-2026-0279
What is CVE-2026-0279?
Palo Alto Networks PAN-OS software has multiple vulnerabilities in the User-ID Authentication Portal and associated features that allow unauthenticated users to store or execute harmful JavaScript payloads. This poses a risk primarily when the management interface is not adequately secured. To minimize potential threats, it is advised to restrict access to the User-ID Authentication Portal to trusted internal IP addresses, following the deployment best practices recommended by Palo Alto Networks. The vulnerability affects PAN-OS deployed on PA-Series, VM-Series firewalls, and Panorama systems, and is not applicable to Cloud NGFW.
Affected Version(s)
PAN-OS 12.1.0
PAN-OS 12.1.0 < 12.1.8
PAN-OS 11.2.0 < 11.2.13
References
CVSS V4
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved