PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-0266 Palo Alto Networks CVE debrief

CVE-2026-0266 is a cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software. This vulnerability allows a malicious authenticated administrator to store a JavaScript payload using the web interface. The affected products include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series). However, Cloud NGFW and Prisma Access are not affected by this vulnerability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 1.1, indicating a low severity.

Vendor: Palo Alto Networks
Product: Cloud NGFW
CVSS: LOW 1.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-11
Advisory published: 2026-06-10
Advisory updated: 2026-06-11

Who should care

Administrators and security teams using Palo Alto Networks PAN-OS software on PA-Series and VM-Series firewalls and Panorama (virtual and M-Series) should be aware of this vulnerability and take necessary actions to mitigate it.

Technical summary

The vulnerability is caused by improper input validation in the web interface of Palo Alto Networks PAN-OS software, allowing an authenticated administrator to inject a JavaScript payload. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber.
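The vector above is easier to triage once it is split into its metric groups and the Not Defined (X) entries are dropped. The following is an added example, not code from PatchSiren or Palo Alto Networks; the function names parse_vector and impacts are hypothetical, and the group membership follows the CVSS v4.0 specification.

```python
# Metric groups as defined by the CVSS v4.0 specification.
GROUPS = {
    "base": ["AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA"],
    "threat": ["E"],
    "environmental": ["CR", "IR", "AR", "MAV", "MAC", "MAT", "MPR", "MUI",
                      "MVC", "MVI", "MVA", "MSC", "MSI", "MSA"],
    "supplemental": ["S", "AU", "R", "V", "RE", "U"],
}

# Vector string copied from the debrief above.
VECTOR = ("CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/"
          "E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/"
          "MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber")


def parse_vector(vector):
    """Return {group: {metric: value}} for every metric that is defined."""
    prefix, _, body = vector.partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {prefix!r}")
    seen = {}
    for item in body.split("/"):
        metric, sep, value = item.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed metric: {item!r}")
        if metric in seen:
            raise ValueError(f"duplicate metric: {metric}")
        seen[metric] = value
    unknown = set(seen) - {m for names in GROUPS.values() for m in names}
    if unknown:
        raise ValueError(f"unknown metrics: {sorted(unknown)}")
    missing = [m for m in GROUPS["base"] if m not in seen]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return {group: {m: seen[m] for m in names if seen.get(m, "X") != "X"}
            for group, names in GROUPS.items()}


def impacts(parsed):
    """Base impact metrics (VC..SA) with a value other than N (None)."""
    base = parsed["base"]
    return {m: base[m] for m in ("VC", "VI", "VA", "SC", "SI", "SA") if base[m] != "N"}


if __name__ == "__main__":
    result = parse_vector(VECTOR)
    for group, metrics in result.items():
        print(f"{group:14}", metrics)
    print("non-zero impact:", impacts(result))
```

For this vector the environmental group comes back empty, and the only impact metric above None is VI:L, alongside PR:H and UI:P in the base group.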

Defensive priority

Low

Recommended defensive actions

  • Apply the patch or update provided by Palo Alto Networks to fix the vulnerability.
  • Restrict access to the web interface to only trusted administrators.
  • Monitor the system for any suspicious activity.

Evidence notes

The CVE record was obtained from the official CVE website and the NVD detail page.

Official resources

CVE-2026-0266 was published on 2026-06-10T22:16:52.787Z and modified on 2026-06-11T15:21:30.653Z.