CVE-2026-0279
Awaiting Analysis
Awaiting Analysis - Queue
Stored XSS in Palo Alto PAN-OS Authentication Portal
Vulnerability report for CVE-2026-0279, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-09
Last updated on: 2026-07-09
Assigner: Palo Alto Networks, Inc.
Description
Description
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.
The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW is not affected by this vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | pan-os | to 12.1.8 (exc) |
| palo_alto_networks | pan-os | to 11.2.13 (exc) |
| palo_alto_networks | pan-os | to 11.1.16 (exc) |
| palo_alto_networks | pan-os | 10.2 |
| palo_alto_networks | prisma_access | to 12.1.8 (exc) |
| palo_alto_networks | prisma_access | 11.2 |
| palo_alto_networks | prisma_access | 10.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |