CVE-2026-0279
Awaiting Analysis Awaiting Analysis - Queue

Stored XSS in Palo Alto PAN-OS Authentication Portal

Vulnerability report for CVE-2026-0279, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload. The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW is not affected by this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan-os to 12.1.8 (exc)
palo_alto_networks pan-os to 11.2.13 (exc)
palo_alto_networks pan-os to 11.1.16 (exc)
palo_alto_networks pan-os 10.2
palo_alto_networks prisma_access to 12.1.8 (exc)
palo_alto_networks prisma_access 11.2
palo_alto_networks prisma_access 10.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0279 involves multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks PAN-OS software, specifically in the User-ID Authentication Portal, GlobalProtect gateway/portal features, and Clientless VPN.

These vulnerabilities allow a malicious unauthenticated user to store or execute malicious JavaScript payloads, potentially compromising the affected systems.

The risk is reduced when management interfaces and access to the User-ID Authentication Portal are restricted to trusted internal IP addresses, following Palo Alto Networks' best practice deployment guidelines.

Impact Analysis

This vulnerability can allow an unauthenticated attacker to execute malicious JavaScript code within the affected PAN-OS components, potentially leading to unauthorized actions or data exposure.

However, the security risk is minimized if access to the management interface and User-ID Authentication Portal is restricted to trusted internal IP addresses.

Palo Alto Networks has not observed any malicious exploitation of these vulnerabilities so far.

Upgrading to fixed versions of PAN-OS or Prisma Access software is recommended to fully mitigate the risk.

Detection Guidance

There are no specific detection commands or methods provided in the available information to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade affected PAN-OS software to fixed versions: PAN-OS 12.1.8 or later, PAN-OS 11.2.13 or later, PAN-OS 11.1.16 or later, or any supported version for older PAN-OS releases.

For Prisma Access users, upgrade to version 12.1.8 or later.

Additionally, restrict management interface and User-ID Authentication Portal access to trusted internal IP addresses according to Palo Alto Networks' best practice deployment guidelines to minimize risk.

Compliance Impact

The provided information does not specify how the multiple cross site scripting vulnerabilities in Palo Alto Networks PAN-OS software impact compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0279. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart