PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-0244 Palo Alto Networks CVE debrief

CVE-2026-0244 is an improper certificate validation vulnerability in Palo Alto Networks Prisma SD-WAN ION. This vulnerability enables a man-in-the-middle (MitM) attacker to impersonate the controller. The CVSS score is 5.2, and the severity is MEDIUM. The affected versions include 6.3.1 to 6.3.6, 6.4.1 to 6.4.3, and 6.5.1 to 6.5.3. Specific builds like 6.3.6:b6, 6.3.6:b9, 6.4.3:b6, 6.4.3:b8, 6.5.3:b11, 6.5.3:b9, and 6.5.3:i-b10 are also vulnerable. Organizations should prioritize patching this vulnerability to prevent potential man-in-the-middle attacks. The vulnerability allows an attacker to impersonate the controller, potentially leading to unauthorized access or data breaches.

Vendor
Palo Alto Networks
Product
Prisma SD-WAN ION
CVSS
MEDIUM 5.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-13
Original CVE updated
2026-07-14
Advisory published
2026-05-13
Advisory updated
2026-07-14

Who should care

Organizations using Palo Alto Networks Prisma SD-WAN ION should prioritize patching this vulnerability to prevent potential man-in-the-middle attacks.

Technical summary

The vulnerability exists in the Palo Alto Networks Prisma SD-WAN ION due to improper certificate validation. This allows an attacker to impersonate the controller, potentially leading to unauthorized access or data breaches. The affected versions include 6.3.1 to 6.3.6, 6.4.1 to 6.4.3, and 6.5.1 to 6.5.3. Specific builds like 6.3.6:b6, 6.3.6:b9, 6.4.3:b6, 6.4.3:b8, 6.5.3:b11, 6.5.3:b9, and 6.5.3:i-b10 are also vulnerable.

Defensive priority

Medium priority should be given to patching this vulnerability, as it could allow for eavesdropping or impersonation of the controller in a man-in-the-middle attack.

Recommended defensive actions

  • Inventory and assess Palo Alto Networks Prisma SD-WAN ION instances for vulnerability
  • Apply patches or updates provided by Palo Alto Networks
  • Implement compensating controls such as additional monitoring or network segmentation if patching is not immediately feasible
  • Verify the integrity of certificates used in the environment
  • Consider enhancing network security posture to detect and prevent man-in-the-middle attacks

Evidence notes

The CVE record was published on 2026-05-13T19:16:58.297Z and was last modified on 2026-07-14T14:16:14.433Z. The NVD entry is currently Analyzed. The source detail is limited, and evidence limits suggest that defenders should verify the integrity of certificates used in the environment and consider enhancing network security posture to detect and prevent man-in-the-middle attacks. Additional verification tasks are recommended to ensure the accuracy of the information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-13T19:16:58.297Z and has not been modified since then. The NVD entry is currently Analyzed.