CVE-2026-0281
Awaiting Analysis Awaiting Analysis - Queue

Information Disclosure in Palo Alto PAN-OS Management Interface

Vulnerability report for CVE-2026-0281, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

An information disclosure vulnerability in Palo Alto Networks PAN-OSยฎ software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prismaยฎ Access are not impacted by this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan-os From 12.1.8 (inc)
palo_alto_networks pan-os From 11.2.13 (inc)
palo_alto_networks pan-os From 11.1.16 (inc)
palo_alto_networks pan-os to 11.1.16 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-524 The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0281 is an information disclosure vulnerability in Palo Alto Networks PAN-OS software. It allows an unauthenticated attacker with network access to the management web interface to obtain web session tokens, but only if a legitimate user first clicks on a malicious link provided by the attacker.

This vulnerability affects PAN-OS software on PA-Series and VM-Series firewalls, as well as Panorama (both virtual and M-Series). Cloud NGFW and Prisma Access are not impacted.

The risk is minimized by restricting management interface access to trusted internal IP addresses, following Palo Alto Networks' recommended best practice deployment guidelines.

Compliance Impact

This vulnerability involves information disclosure through web session tokens, which could potentially expose sensitive session data if exploited.

However, the risk is minimized by restricting access to the management web interface to trusted internal IP addresses, following Palo Alto Networks' best practice deployment guidelines.

There is no direct mention in the provided information about specific impacts on compliance with standards such as GDPR or HIPAA.

Organizations subject to these regulations should consider the potential risk of session token disclosure as it may affect confidentiality requirements, and apply recommended mitigations and patches accordingly.

Impact Analysis

This vulnerability can allow an unauthenticated attacker to obtain web session tokens from the management web interface if a legitimate user clicks on a malicious link. This could potentially lead to unauthorized access to management sessions.

However, the overall security risk is considered low, especially if access to the management interface is properly restricted to trusted internal IP addresses as recommended.

No malicious exploitation of this vulnerability has been observed by Palo Alto Networks.

Detection Guidance

This vulnerability involves an unauthenticated attacker obtaining web session tokens via the management web interface after a legitimate user clicks a malicious link. Detection would focus on monitoring access to the management web interface and unusual session token activity.

No specific detection commands or tools are provided in the available information.

Mitigation Strategies

Immediate mitigation steps include restricting access to the management web interface to only trusted internal IP addresses, following Palo Alto Networks' recommended best practice deployment guidelines.

Upgrading affected PAN-OS software to fixed versions is strongly recommended. The fixed versions are PAN-OS 12.1.8 or later, 11.2.13 or later, or 11.1.16 or later. For unsupported versions, upgrade to a supported fixed version.

Chat Assistant

Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0281. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart