CVE-2026-0273
Received Received - Intake
Command Injection in Palo Alto PAN-OS

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Palo Alto Networks, Inc.

Description
A command injection vulnerability in Palo Alto Networks PAN-OSยฎ software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prismaยฎ Access are not affected by this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-0273
EUVD
EUVD-2026-36149
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
palo_alto_networks pan-os *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an authenticated administrator to execute arbitrary commands as a root user by bypassing system restrictions, which could lead to unauthorized access or control over the system.

Such unauthorized access and potential misuse of administrative privileges may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and system integrity.

However, the risk is significantly reduced if best practice deployment guidelines are followed, such as restricting CLI access to a limited group of administrators and limiting management web interface access to trusted internal IP addresses.

Executive Summary

This vulnerability is a command injection flaw in Palo Alto Networks PAN-OS software that allows an authenticated administrator to bypass system restrictions and execute arbitrary commands with root privileges.

To exploit this issue, the attacker must have access to the PAN-OS command line interface (CLI) or the web user interface (Web UI).

The risk is reduced if CLI access is limited to a small group of administrators and if access to the management web interface is restricted to trusted internal IP addresses, following Palo Alto Networks' recommended best practices.

Impact Analysis

If exploited, this vulnerability allows an authenticated administrator to run arbitrary commands as the root user, effectively gaining full control over the affected system.

This could lead to unauthorized changes, data compromise, or disruption of firewall and network security functions.

However, the impact is significantly reduced if access to the CLI and management web interface is properly restricted.

Mitigation Strategies

To mitigate this vulnerability, restrict CLI access to a limited group of administrators.

Additionally, restrict access to the management web interface to only trusted internal IP addresses, following Palo Alto Networks' recommended best practice deployment guidelines.

Chat Assistant
Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart