Command Injection Vulnerability in Palo Alto Networks PAN-OS Software
CVE-2026-0286

6MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-0286?

A command injection vulnerability exists in the management plane of Palo Alto Networks PAN-OS software, allowing an authenticated administrator to execute arbitrary operating system commands with root privileges. This poses a significant security risk, particularly if command-line interface (CLI) access is not properly restricted. Administrators are advised to limit CLI access to a select group to mitigate potential exploits. This vulnerability is specific to PAN-OS on PA-Series and VM-Series firewalls as well as Panorama, while Cloud NGFW and Prisma Access services remain unaffected.

Affected Version(s)

PAN-OS 12.1.0 < 12.1.8

PAN-OS 11.2.0 < 11.2.13

PAN-OS 11.1.0 < 11.1.16

References

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Curious of TRAPA Security
our internal security research teams
.