Buffer Overflow Vulnerabilities in PAN-OS by Palo Alto Networks
CVE-2026-0288
4.8MEDIUM
What is CVE-2026-0288?
Multiple buffer overflow vulnerabilities exist within the User-ID Terminal Server Agent (TSA) component of PAN-OS. These vulnerabilities can be exploited by an unauthenticated attacker with network access, potentially leading to denial of service (DoS) or even arbitrary code execution through specially crafted network traffic. To mitigate risks, Palo Alto Networks recommends restricting TSA connectivity to trusted internal IP addresses, ensuring that deployment guidelines are followed to enhance security.
Affected Version(s)
Cloud NGFW AWS All
PAN-OS 12.1.0 < 12.1.8
PAN-OS 11.2.0 < 11.2.13
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Liang Zhu