CVE-2026-0256

Summary

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.

This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).

Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS12.1.0 < 12.1.7affected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.12affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.15affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.18-h6affected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Workarounds

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510020 (from Applications and Threats content version 9100-10044 and later).

For these Threat IDs to protect against attacks for this vulnerability:

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References