CVE-2026-0283
Awaiting Analysis Awaiting Analysis - Queue

Authentication Bypass in Palo Alto PAN-OS LSVPN

Vulnerability report for CVE-2026-0283, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prismaยฎ Access are not impacted by this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan_os *
palo_alto_networks pan-os 10.2
palo_alto_networks pan-os 11.1
palo_alto_networks pan-os 11.2
palo_alto_networks pan-os 12.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized site-to-site VPN connections that bypass authentication in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS software.

A temporary mitigation includes enabling Threat ID 510032 in the Threat Prevention subscription, which may help detect some exploitation attempts, although coverage is limited.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include upgrading affected PAN-OS versions (10.2, 11.1, 11.2, and 12.1) to the patched releases provided by Palo Alto Networks.

As a temporary measure, enable Threat ID 510032 in the Threat Prevention subscription to provide limited detection and mitigation coverage against exploitation attempts.

Additionally, restrict access to the management interface from external IP addresses to reduce the risk of exploitation.

Executive Summary

CVE-2026-0283 is an authentication bypass vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS software.

This flaw allows an attacker who has network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.

The vulnerability affects specific versions of PAN-OS 10.2, 11.1, 11.2, and 12.1, but does not impact Panorama, Cloud NGFW, or Prisma Access.

Impact Analysis

This vulnerability can allow an attacker to bypass authentication and security restrictions to establish an unauthorized site-to-site VPN connection.

Such unauthorized VPN connections could potentially expose internal network resources to attackers, increasing the risk of data breaches or unauthorized access.

The risk is higher if the management interface of the affected PAN-OS device is accessible from external IP addresses.

Users are advised to upgrade to patched versions to mitigate this risk, or apply a temporary mitigation by enabling Threat ID 510032 in the Threat Prevention subscription, although this offers limited coverage.

Compliance Impact

The provided information does not specify how this authentication bypass vulnerability in Palo Alto Networks PAN-OS Large Scale VPN (LSVPN) functionality affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0283. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart