CVE-2026-0280
1.7
Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:M/U:AmberShow more
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:M/U:AmberShow less
Source: psirt@paloaltonetworks.com (Secondary)
Description
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
Affected (203)
Products: Paloaltonetworks: Pan Os
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 10.2.0 to 10.2.7 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 11.1.0 to 11.1.4 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 11.2.0 to 11.2.4 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From 12.1.2 to 12.1.4 |
References (1)
Source: psirt@paloaltonetworks.com
Vendor Advisory
Timeline
No history available yet.