Information Disclosure Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2026-0281

1.7LOW

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0281?

This vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker with access to the management web interface to potentially obtain web session tokens. Exploitation requires a legitimate user to interact with a malicious link provided by the attacker. It is recommended to restrict access to the management web interface to trusted internal IP addresses as part of best practice deployment guidelines to mitigate the issue.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.8

PAN-OS 11.2.0 < 11.2.13

PAN-OS 11.1.0 < 11.1.16

References

CVSS V4

Score:
1.7
Severity:
LOW
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

our internal security research teams
.