CVE-2026-0264
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red
Summary
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW | All | unaffected |
| Palo Alto Networks | PAN-OS | 12.1.0 < 12.1.7, 12.1.4-h5 | affected |
| Palo Alto Networks | PAN-OS | 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 | affected |
| Palo Alto Networks | PAN-OS | 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 | affected |
| Palo Alto Networks | PAN-OS | 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 | affected |
| Palo Alto Networks | Prisma Access | All | unaffected |
Weaknesses
- CWE-122: CWE-122 Heap-based Buffer Overflow
Workarounds
Customers can mitigate the risk of this issue by taking either of the following actions:
Action 1:
- Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface; AND
- Configure DNS server with a RFC1918 or a public trusted IP address.
OR Action 2:
- Disable the DNS Proxy feature (Network > DNS Proxy) if it is not being used; AND
- Configure DNS server with a RFC1918 or a public trusted IP address.
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027 from Applications and Threats content version 9100-10044 and later.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.