216.73.216.170

CVE-2026-0265

· Published 13/05/2026 18:16 · Modified 13/05/2026 18:17

Labels: CVE-2026-0265 2026-05-13CVE-2026-0265CWE-347[email protected]

Essential information

Published
13/05/2026 18:16
Modified
13/05/2026 18:17
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
palo alto networks / pan-os cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*
palo alto networks / pa-series cpe:2.3:a:palo_alto_networks:pa-series:*:*:*:*:*:*:*:*
palo alto networks / vm-series cpe:2.3:a:palo_alto_networks:vm-series:*:*:*:*:*:*:*:*
palo alto networks / panorama cpe:2.3:a:palo_alto_networks:panorama:*:*:*:*:*:*:*:*

References