Server-Side Request Forgery Vulnerability in Palo Alto Networks PAN-OS
CVE-2026-0285
4.4MEDIUM
What is CVE-2026-0285?
An SSRF vulnerability in Palo Alto Networks PAN-OS software permits an authenticated administrator with access to the management web interface to initiate unauthorized requests from the firewall to internal services. This flaw can pose significant security challenges, especially when management interfaces are not adequately protected. Adhering to best practices for restricting access to trusted internal IP addresses can help mitigate risks associated with this vulnerability. Notably, Panorama, Cloud NGFW, and Prisma® Access are unaffected by this issue.
Affected Version(s)
PAN-OS 12.1.0 < 12.1.8
PAN-OS 11.2.0 < 11.2.13
PAN-OS 11.1.0 < 11.1.16
References
CVSS V4
Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
our internal security research teams