Information Disclosure Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2026-0281
1.7LOW
What is CVE-2026-0281?
This vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker with access to the management web interface to potentially obtain web session tokens. Exploitation requires a legitimate user to interact with a malicious link provided by the attacker. It is recommended to restrict access to the management web interface to trusted internal IP addresses as part of best practice deployment guidelines to mitigate the issue.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.8
PAN-OS 11.2.0 < 11.2.13
PAN-OS 11.1.0 < 11.1.16
References
CVSS V4
Score:
1.7
Severity:
LOW
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
our internal security research teams