CVE-2026-0287

Summary

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Panorama is not impacted by these vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllaffected
Palo Alto NetworksPAN-OS12.1.0 < 12.1.4-h8affected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.4-h20affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.4-h35affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.7-h36affected
Palo Alto NetworksPrisma Access11.2.0 < 11.2.7-h18affected
Palo Alto NetworksPrisma Access10.2.0 < 10.2.10-h39affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

Workarounds

No known workarounds exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References