PatchSiren cyber security CVE debrief
CVE-2026-0272 Palo Alto Networks CVE debrief
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly reduced when CLI access is restricted to a limited group of administrators and access to the management interface is restricted to only trusted internal IP addresses, according to best practice deployment guidelines [ref-4]. This issue applies to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access are not impacted by this vulnerability.
- Vendor: Palo Alto Networks
- Product: Cloud NGFW
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Administrators of Palo Alto Networks PAN-OS software, specifically those with access to the Command Line Interface (CLI).
Technical summary
The vulnerability allows an authenticated administrator with CLI access to perform actions with root privileges. The CVSS score for this vulnerability is 6, with a severity rating of MEDIUM.
Defensive priority
MEDIUM
Recommended defensive actions
- Restrict CLI access to a limited group of administrators.
- Restrict access to the management interface to only trusted internal IP addresses.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information on this vulnerability.
Official resources
- CVE-2026-0272 CVE record (CVE.org)
- CVE-2026-0272 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-0272 was published on 2026-06-10T22:16:54.270Z and modified on 2026-06-11T15:21:30.653Z.