CVE-2026-0266
Stored XSS in Palo Alto PAN-OS

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Palo Alto Networks, Inc.

Description
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: palo_alto_networks
Product: pan-os
Version / Range: *
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability is a cross-site scripting (XSS) issue in Palo Alto Networks PAN-OS® software. It allows a malicious authenticated administrator to store a JavaScript payload via the web interface.

The vulnerability affects PAN-OS software running on PA-Series and VM-Series firewalls, as well as Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected.

Impact Analysis

An attacker who is an authenticated administrator could exploit this vulnerability to inject and store malicious JavaScript code in the web interface. This could potentially lead to unauthorized actions or compromise of the management interface.
