Server-Side Request Forgery Vulnerability in Palo Alto Networks PAN-OS
CVE-2026-0285

4.4MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0285?

An SSRF vulnerability in Palo Alto Networks PAN-OS software permits an authenticated administrator with access to the management web interface to initiate unauthorized requests from the firewall to internal services. This flaw can pose significant security challenges, especially when management interfaces are not adequately protected. Adhering to best practices for restricting access to trusted internal IP addresses can help mitigate risks associated with this vulnerability. Notably, Panorama, Cloud NGFW, and Prisma® Access are unaffected by this issue.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.8

PAN-OS 11.2.0 < 11.2.13

PAN-OS 11.1.0 < 11.1.16

References

CVSS V4

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

our internal security research teams
.