Authentication Bypass Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2026-0283
4.5MEDIUM
What is CVE-2026-0283?
An identified vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS software permits an attacker with network access to circumvent established security measures, enabling unauthorized site-to-site VPN connections. Notably, this issue does not affect Panorama, Cloud NGFW, or Prisma® Access services, ensuring segmented safety for those platforms.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.8
PAN-OS 11.2.0 < 11.2.13
PAN-OS 11.1.0 < 11.1.16
References
CVSS V4
Score:
4.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Vaibhav Nagar (internal reporter) and our internal security research teams