IPv6 Packet Processing Vulnerability in Palo Alto Networks PAN-OS
CVE-2026-0280

1.7LOW

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0280?

An IPv6 packet processing vulnerability exists in the dataplane of Palo Alto Networks PAN-OS software. This flaw could allow an unauthenticated attacker to circumvent firewall security policies, leading to unauthorized network traffic being permitted access to protected services. Notably, this vulnerability does not affect Cloud NGFW and Panorama solutions.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.8

PAN-OS 11.2.0 < 11.2.13

PAN-OS 11.1.0 < 11.1.16

References

CVSS V4

Score:
1.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Curious of TRAPA Security
.