CVE-2026-0284
Awaiting Analysis Awaiting Analysis - Queue

XML Injection in Palo Alto PAN-OS LSVPN

Vulnerability report for CVE-2026-0284, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OSยฎ software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data. Panorama, Cloud NGFW, and Prismaยฎ Access are not impacted by this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan-os 10.2.18-h8
palo_alto_networks pan-os 11.1.16
palo_alto_networks pan-os 11.2.13
palo_alto_networks pan-os 12.1.7-h2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0284 is an XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS software.

This vulnerability allows an unauthenticated attacker with network access to inject malicious XML content.

Such injection can potentially lead to information disclosure or corruption of internal LSVPN satellite data.

The issue affects PAN-OS versions 10.2, 11.1, 11.2, and 12.1, but not Panorama, Cloud NGFW, or Prisma Access.

Impact Analysis

This vulnerability can impact you by allowing an unauthenticated attacker to inject malicious XML content into the LSVPN functionality.

The consequences of such an attack include potential information disclosure, which means sensitive data could be exposed.

Additionally, it could lead to corruption of internal LSVPN satellite data, potentially disrupting VPN operations or causing data integrity issues.

Detection Guidance

Detection of this vulnerability can be aided by enabling Threat ID 510031 if you have a Threat Prevention subscription. This provides limited protection when the vulnerability protection security profile is applied to the GlobalProtect interface.

No specific detection commands or detailed detection methods are provided in the available information.

Mitigation Strategies

The recommended immediate mitigation step is to upgrade affected PAN-OS versions to fixed releases: PAN-OS 10.2.18-h8 or later, 11.1.16 or later, 11.2.13 or later, or 12.1.7-h2/8 or later.

Additionally, if you have a Threat Prevention subscription, enable Threat ID 510031 and apply the vulnerability protection security profile to the GlobalProtect interface for limited protection.

No workarounds are available, so upgrading is the primary mitigation strategy.

Compliance Impact

The provided information does not specify how the XML injection vulnerability in Palo Alto Networks PAN-OS affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0284. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart