IPv6 Packet Processing Vulnerability in Palo Alto Networks PAN-OS
CVE-2026-0280
1.7LOW
What is CVE-2026-0280?
An IPv6 packet processing vulnerability exists in the dataplane of Palo Alto Networks PAN-OS software. This flaw could allow an unauthenticated attacker to circumvent firewall security policies, leading to unauthorized network traffic being permitted access to protected services. Notably, this vulnerability does not affect Cloud NGFW and Panorama solutions.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.8
PAN-OS 11.2.0 < 11.2.13
PAN-OS 11.1.0 < 11.1.16
References
CVSS V4
Score:
1.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Curious of TRAPA Security