PatchSiren

Palo Alto Networks CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Palo Alto Networks CVE published 2026-06-10

CVE-2026-0274

CVE-2026-0274 is a HIGH severity vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM. An unauthenticated attacker can access and modify protected resources due to improper validation of credentials. The vulnerability has a CVSS score of 8.1.

MEDIUM Palo Alto Networks CVE published 2026-06-10

CVE-2026-0272

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to onl [truncated]

MEDIUM Palo Alto Networks CVE published 2026-06-10

CVE-2026-0271

CVE-2026-0271 is a medium-severity privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices. This vulnerability enables a local user to execute code with elevated privileges. The vulnerability does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS. The CVSS score for this vulnerability is 5.9.

MEDIUM Palo Alto Networks CVE published 2026-06-10

CVE-2026-0270

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.

MEDIUM Palo Alto Networks CVE published 2026-06-10

CVE-2026-0269

CVE-2026-0269 is a memory corruption vulnerability in Palo Alto Networks PAN-OS software. An authenticated user can initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. This vulnerability has a CVSS score of 4.6 and is classified as MEDIUM severity. Panorama, Cloud NGFW, and Prisma Access are not impacted by this [truncated]

MEDIUM Palo Alto Networks CVE published 2026-06-10

CVE-2026-0268

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This vulnerability does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.

MEDIUM Palo Alto Networks CVE published 2026-06-10

CVE-2026-0267

CVE-2026-0267 is a MEDIUM-severity vulnerability in the Palo Alto Networks GlobalProtect app on macOS. The vulnerability enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After obtaining the passcode, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so. The vulnerabi [truncated]

LOW Palo Alto Networks CVE published 2026-06-10

CVE-2026-0266

CVE-2026-0266 is a cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software. This vulnerability allows a malicious authenticated administrator to store a JavaScript payload using the web interface. The affected products include PA-Series and VM-Series firewalls and Panorama (virtual and M-Series). However, Cloud NGFW and Prisma Access are not affected by this vulnerability. The Commo [truncated]

Known exploited Palo Alto Networks CVE published 2026-05-29

CVE-2026-0257

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability. CISA added this issue to the Known Exploited Vulnerabilities catalog on 2026-05-29 with a remediation due date of 2026-06-01, indicating active exploitation in the wild. Federal agencies and organizations following CISA guidance must apply mitigations by the due date. The exact affected versions, root cause, and complete attack vec [truncated]

MEDIUM Palo Alto Networks CVE published 2026-05-13

CVE-2026-0262

CVE-2026-0262 is a medium-severity vulnerability in Palo Alto Networks PAN-OS software that allows an unauthenticated attacker to cause a denial of service (DoS) condition by sending specially crafted network traffic. The vulnerability has a CVSS score of 6.6 and was published on [2026-05-13](https://www.cve.org/CVERecord?id=CVE-2026-0262).

MEDIUM Palo Alto Networks CVE published 2026-05-13

CVE-2026-0261

CVE-2026-0261 is a medium-severity vulnerability (CVSS Score: 6.1) that affects Palo Alto Networks PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). The vulnerability allows an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user via the PAN-OS CLI or Web UI. The security risk is minimized when CLI access is restrict [truncated]

MEDIUM Palo Alto Networks CVE published 2026-05-13

CVE-2026-0258

A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition. Panorama, Cloud NGFW and Prisma Access are not impacted by this vulnerability.

MEDIUM Palo Alto Networks CVE published 2026-05-13

CVE-2026-0256

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access are not impacted by this vulnerability.

HIGH Palo Alto Networks CVE published 2026-05-13

CVE-2026-0265

CVE-2026-0265 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS software. This issue enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced i [truncated]

HIGH Palo Alto Networks CVE published 2026-05-13

CVE-2026-0264

CVE-2026-0264 is a buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS Software. An unauthenticated attacker with network access can cause a denial of service (DoS) condition on all PAN-OS platforms except Cloud NGFW and Prisma Access. On PA-Series hardware only, the attacker may potentially execute arbitrary code by sending specially crafted network traffic [truncated]

Known exploited Palo Alto Networks CVE published 2026-05-06

CVE-2026-0300

CVE-2026-0300 is an out-of-bounds write vulnerability in Palo Alto Networks PAN-OS that CISA added to the Known Exploited Vulnerabilities catalog on 2026-05-06. The supplied CISA entry includes urgent mitigation guidance: apply vendor mitigations when available, restrict User-ID Authentication Portal access to trusted zones, and disable the portal if it is not required.

MEDIUM Palo Alto Networks CVE published 2025-06-10

CVE-2025-0133

CVE-2025-0133 was published on 2025-06-10 and updated on 2026-03-12. The supplied source corpus describes a reflected cross-site scripting (XSS) issue in GlobalProtect gateway and portal features that can execute malicious JavaScript in an authenticated Captive Portal user's browser after they click a specially crafted link. The main impact described is phishing and credential theft, especially where Clie [truncated]

HIGH Palo Alto Networks CVE published 2025-05-14

CVE-2025-0130

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This vulnerability affects Siemens RUGGEDCOM APE1 [truncated]

Known exploited Palo Alto Networks CVE published 2025-02-20

CVE-2025-0111

CVE-2025-0111 is a Palo Alto Networks PAN-OS file read vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-02-20. KEV inclusion means the issue is considered actively exploited or of confirmed exploitation concern, so defenders should treat it as a high-priority remediation item even though the provided source corpus does not include a CVSS score or deeper technical detail.

Known exploited Palo Alto Networks CVE published 2025-02-18

CVE-2025-0108

CVE-2025-0108 is a Palo Alto Networks PAN-OS authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-02-18. Because it is a KEV-listed issue, defenders should treat it as a high-priority exposure and follow vendor remediation guidance immediately. The supplied corpus does not include affected version ranges or patch details, so those should be verified in [truncated]

Known exploited Palo Alto Networks CVE published 2024-12-30

CVE-2024-3393

CVE-2024-3393 is a Palo Alto Networks PAN-OS issue described in the supplied record as a malicious DNS packet vulnerability. CISA lists it in the Known Exploited Vulnerabilities catalog, which means defenders should treat it as an active risk and prioritize mitigation. The supplied corpus does not include affected versions, impact details, or vendor remediation steps, so the safest approach is to use the [truncated]

LOW Palo Alto Networks CVE published 2024-11-22

CVE-2025-0137

An improper input neutralization vulnerability in the management web interface of Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was first published on November 22, 2024 [truncated]

HIGH Palo Alto Networks CVE published 2024-11-22

CVE-2025-0128

A denial-of-service vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS software allows unauthenticated attackers to trigger system reboots via maliciously crafted packets. Repeated exploitation can force affected firewalls into maintenance mode, causing sustained service disruption. The vulnerability affects Siemens RUGGEDCOM APE1808 devi [truncated]

CRITICAL Palo Alto Networks CVE published 2024-11-22

CVE-2025-0126

A session fixation vulnerability in GlobalProtect™ SAML authentication allows attackers to impersonate legitimate users after tricking them into clicking a malicious link. This affects Siemens RUGGEDCOM APE1808 devices running Palo Alto Networks Virtual NGFW. The vulnerability was disclosed in November 2024 and carries a CRITICAL CVSS 9.6 score due to network attack vector, low complexity, and high impact [truncated]

MEDIUM Palo Alto Networks CVE published 2024-11-22

CVE-2025-0125

An improper input neutralization vulnerability in the management web interface of Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was first published on 2024-11-22 and mos [truncated]

LOW Palo Alto Networks CVE published 2024-11-22

CVE-2025-0124

An authenticated file deletion vulnerability in Palo Alto Networks PAN-OS® software affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. An attacker with authenticated access to the management web interface can delete certain files as the 'nobody' user, including limited logs and configuration files. System files are not affected. The vulnerability requires netwo [truncated]

MEDIUM Palo Alto Networks CVE published 2024-11-22

CVE-2025-0123

A vulnerability in Palo Alto Networks PAN-OS software enables unlicensed administrators to view clear-text data captured using the packet capture feature in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was disclosed [truncated]

MEDIUM Palo Alto Networks CVE published 2024-11-22

CVE-2025-0116

A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition cause the firewall to enter maintenance mode.

MEDIUM Palo Alto Networks CVE published 2024-11-22

CVE-2025-0115

CVE-2025-0115 is a medium-severity vulnerability (CVSS 5.5) affecting Palo Alto Networks PAN-OS software as deployed on Siemens RUGGEDCOM APE1808 devices. Published on 2024-11-22 and last modified on 2025-06-10, this vulnerability enables an authenticated administrator with PAN-OS CLI access to read arbitrary files on the system. Exploitation requires network access to the management interface (web, SSH, [truncated]

HIGH Palo Alto Networks CVE published 2024-11-22

CVE-2025-0110

A command injection vulnerability exists in the Palo Alto Networks PAN-OS OpenConfig plugin, affecting Siemens RUGGEDCOM APE1808 devices that incorporate this component. An authenticated administrator with gNMI request capabilities to the PAN-OS management web interface can bypass system restrictions and execute arbitrary commands as the '__openconfig' user, which holds Device Administrator privileges on [truncated]

MEDIUM Palo Alto Networks CVE published 2024-11-22

CVE-2025-0109

CVE-2025-0109 is a medium-severity unauthenticated file deletion vulnerability affecting the Palo Alto Networks PAN-OS management web interface. Published on 2024-11-22 and last modified on 2025-06-10, this vulnerability enables an unauthenticated attacker with network access to the management web interface to delete certain files as the 'nobody' user. The impact is limited to specific logs and configurat [truncated]

MEDIUM Palo Alto Networks CVE published 2024-11-22

CVE-2024-2552

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue requires local access and high privileges, with a CVSS 3.1 score of 6.0 (MEDIUM). The vu [truncated]

HIGH Palo Alto Networks CVE published 2024-11-22

CVE-2024-2550

A null pointer dereference vulnerability in the GlobalProtect gateway of Palo Alto Networks PAN-OS software allows unauthenticated remote attackers to cause denial of service (DoS) by stopping the GlobalProtect service through a specially crafted packet. Repeated exploitation can force the firewall into maintenance mode. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Al [truncated]

Known exploited Palo Alto Networks CVE published 2024-11-18

CVE-2024-9474

CVE-2024-9474 is a Palo Alto Networks PAN-OS management interface OS command injection vulnerability that CISA has placed in the Known Exploited Vulnerabilities catalog. The supplied source metadata marks it as known exploited and notes known ransomware campaign use. Because this affects the management interface, exposure reduction and vendor-directed mitigation should be treated as urgent defensive work, [truncated]

Known exploited Palo Alto Networks CVE published 2024-11-18

CVE-2024-0012

CVE-2024-0012 is a Palo Alto Networks PAN-OS management interface authentication bypass vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. CISA also marks the vulnerability as having known ransomware campaign use, so organizations should treat exposed or remotely reachable management interfaces as an urgent risk and follow vendor mitigation guidance immediately.

Known exploited Palo Alto Networks CVE published 2024-11-14

CVE-2024-9465

CVE-2024-9465 is a Palo Alto Networks Expedition SQL injection vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-11-14. Because it is listed in KEV, defenders should treat it as an active exposure rather than a theoretical issue. CISA’s required action is to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known exploited Palo Alto Networks CVE published 2024-11-14

CVE-2024-9463

CVE-2024-9463 is a Palo Alto Networks Expedition OS command injection vulnerability. It was added to CISA’s Known Exploited Vulnerabilities catalog on 2024-11-14, which makes it a high-priority issue for defenders using Expedition. The supplied source corpus does not provide a CVSS score, but the KEV listing indicates known exploitation and sets a remediation due date of 2024-12-05.

Known exploited Palo Alto Networks CVE published 2024-11-07

CVE-2024-5910

CVE-2024-5910 is a missing authentication vulnerability in Palo Alto Networks Expedition. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-11-07, which means it is treated as an exploited issue and should be handled as a high-priority defensive item. The supplied corpus does not include a CVSS score, so remediation urgency should be driven by the KEV listing and vendor guidance.

MEDIUM Palo Alto Networks CVE published 2024-07-09

CVE-2024-9471

A privilege escalation vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated administrator with restricted privileges to use a compromised XML API key to perform actions as a higher-privileged administrator. The vulnerability was published on July 9, 2024, and affects Siemens RUGGEDCOM APE1808 devices running Palo Alto Networks Virtual NGFW. An attacker with read-only [truncated]

Known exploited Palo Alto Networks CVE published 2024-04-12

CVE-2024-3400

CVE-2024-3400 affects Palo Alto Networks PAN-OS and is identified by CISA as a known exploited vulnerability. The KEV entry was added on 2024-04-12, the same date as the supplied CVE publication date, and CISA set a remediation due date of 2024-04-19. CISA also marks the vulnerability as having known ransomware campaign use, which raises the defensive urgency. The supplied official guidance points defende [truncated]

Known exploited Palo Alto Networks CVE published 2022-08-22

CVE-2022-0028

CVE-2022-0028 is a Palo Alto Networks PAN-OS reflected amplification denial-of-service vulnerability. CISA listed it in the Known Exploited Vulnerabilities catalog on 2022-08-22, which signals that it was considered actively exploited or otherwise confirmed as a priority risk for defenders. The supplied record does not include a CVSS score or version-specific scope, so the safest response is to treat expo [truncated]

Known exploited Palo Alto Networks CVE published 2022-08-18

CVE-2017-15944

CVE-2017-15944 is a Palo Alto Networks PAN-OS remote code execution vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. For defenders, the key point is not just the vulnerability type, but the fact that it has been treated as known exploited and assigned a remediation deadline in the CISA KEV program. The provided corpus does not include exploit conditions, affected versions, or [truncated]

Known exploited Palo Alto Networks CVE published 2022-03-25

CVE-2020-2021

CVE-2020-2021 is a Palo Alto Networks PAN-OS authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-03-25. Because CISA also marked it as having known ransomware campaign use, defenders should treat it as a high-priority remediation item and apply vendor-directed updates as soon as possible.

Known exploited Palo Alto Networks CVE published 2022-01-10

CVE-2019-1579

CVE-2019-1579 is a Palo Alto Networks PAN-OS remote code execution vulnerability that CISA has included in the Known Exploited Vulnerabilities catalog. The supplied CISA metadata also marks it as associated with known ransomware campaign use and directs organizations to apply updates per vendor instructions. For defenders, this is a high-priority patching and exposure-management item for any environment r [truncated]