CVE-2026-0280
Awaiting Analysis
Awaiting Analysis - Queue
IPv6 Packet Processing Bypass in Palo Alto PAN-OS
Vulnerability report for CVE-2026-0280, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-09
Last updated on: 2026-07-09
Assigner: Palo Alto Networks, Inc.
Description
Description
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OSยฎ software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | pan-os | 10.2 |
| palo_alto_networks | pan-os | 11.1 |
| palo_alto_networks | pan-os | 11.2 |
| palo_alto_networks | pan-os | 12.1 |
| palo_alto_networks | prisma_access | 10.2 |
| palo_alto_networks | prisma_access | 11.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-131 | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |