XML Injection Vulnerability in Palo Alto Networks PAN-OS Large Scale VPN Functionality
CVE-2026-0284

4.7MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0284?

An XML injection vulnerability exists within the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS software. This vulnerability allows unauthenticated attackers with access to the network to inject malicious XML content. If exploited, it may lead to unauthorized information disclosure or corruption of critical internal data pertaining to LSVPN satellites. Notably, this issue does not impact Panorama, Cloud NGFW, or Prisma Access.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.4-h8

PAN-OS 11.2.0 < 11.2.4-h20

PAN-OS 11.1.0 < 11.1.4-h35

References

CVSS V4

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

our internal security research teams
.