Authentication Bypass Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2026-0283

4.5MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0283?

An identified vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS software permits an attacker with network access to circumvent established security measures, enabling unauthorized site-to-site VPN connections. Notably, this issue does not affect Panorama, Cloud NGFW, or Prisma® Access services, ensuring segmented safety for those platforms.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.8

PAN-OS 11.2.0 < 11.2.13

PAN-OS 11.1.0 < 11.1.16

References

CVSS V4

Score:
4.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vaibhav Nagar (internal reporter) and our internal security research teams
.