CVE-2026-0286
Awaiting Analysis Awaiting Analysis - Queue

Command Injection in Palo Alto PAN-OS

Vulnerability report for CVE-2026-0286, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Palo Alto Networks, Inc.

Description

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OSยฎ software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Accessยฎ are not impacted by this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan_os 10.2
palo_alto_networks pan_os 11.1
palo_alto_networks pan_os From 11.2.13 (inc)
palo_alto_networks pan_os From 12.1.7-h2 (inc) to 12.1.8 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-0286 is a command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software.

This flaw allows an authenticated administrator with high privileges to execute arbitrary operating system commands as root through the CLI.

The vulnerability affects PAN-OS software on PA-Series and VM-Series firewalls, as well as Panorama (both virtual and M-Series models), but does not impact Cloud NGFW or Prisma Access.

The risk is reduced if CLI access is limited to a small group of trusted administrators.

Impact Analysis

This vulnerability allows an authenticated administrator to execute arbitrary OS commands as root, which can lead to full control over the affected device.

Such control could enable unauthorized changes to firewall configurations, disruption of network security policies, or potential compromise of the network environment.

The security risk is significantly minimized if CLI access is restricted to a limited group of trusted administrators.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or unusual command executions on the PAN-OS management plane, especially commands executed with root privileges via the CLI by authenticated administrators.

While specific detection commands are not provided, customers with Threat Prevention subscriptions can use Threat ID 510036 to help identify attempts to exploit this vulnerability, provided SSL decryption is enabled and management traffic inspection is configured.

Mitigation Strategies

Immediate mitigation steps include restricting CLI access to a limited group of trusted administrators to reduce the risk of exploitation.

Applying the appropriate PAN-OS software patches is critical. For example, upgrading to PAN-OS 12.1.7-h2, 12.1.8, or later for version 12.1, or to 11.2.13 or later for version 11.2, will address the vulnerability.

Additionally, enabling Threat Prevention with Threat ID 510036, along with SSL decryption and management traffic inspection, can help mitigate the risk.

Chat Assistant

Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0286. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart