PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-0243 Palo Alto Networks CVE debrief

CVE-2026-0243 is a denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices. An unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device can cause a system disruption by sending a specially crafted IPv6 packet. This vulnerability has a CVSS score of 4.9, indicating a medium severity level. The vulnerability exists due to improper handling of specially crafted IPv6 packets. Organizations should be aware of this vulnerability and take necessary precautions.

Vendor
Palo Alto Networks
Product
Prisma SD-WAN ION
CVSS
MEDIUM 4.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-13
Original CVE updated
2026-07-14
Advisory published
2026-05-13
Advisory updated
2026-07-14

Who should care

Organizations using Palo Alto Networks Prisma SD-WAN ION devices, particularly those with versions 6.3.1 to 6.3.6, 6.4.1 to 6.4.3, and 6.5.1 to 6.5.3, should be aware of this vulnerability and take necessary precautions. Operators, platform administrators, vulnerability management teams, and security teams may be impacted by this vulnerability.

Technical summary

The vulnerability exists in the Prisma SD-WAN ION devices due to improper handling of specially crafted IPv6 packets. An unauthenticated attacker with network access can exploit this vulnerability to cause a system disruption, resulting in a denial of service (DoS) condition. The CVSS score for this vulnerability is 4.9, indicating a medium severity level. Affected product deployments should be identified and assessed for vulnerability.

Defensive priority

Medium

Recommended defensive actions

  • Inventory and assess Prisma SD-WAN ION devices for vulnerability
  • Apply vendor-provided patches or updates
  • Implement compensating controls, such as network segmentation and access controls
  • Monitor for suspicious network activity
  • Verify and test remediation

Evidence notes

The CVE record was published on 2026-05-13T20:16:18.043Z and was last modified on 2026-07-14T16:39:30.347Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Palo Alto Networks Prisma SD-WAN ION devices. The evidence is limited to the information provided in the CVE record and NVD entry.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-13T20:16:18.043Z and has not been modified since then. The NVD entry is currently Analyzed.