- 133/2026
- High
Palo Alto has released security updates to address several vulnerabilities affecting multiple Palo Alto products.
The addressed vulnerabilities could allow the attacker to conduct denial-of-service and man-in-the middle attacks, bypass security restrictions, obtain sensitive information, manipulate data, gain elevated privileges, perform stored cross-site scripting, execute arbitrary code/commands, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. PAN-OS: Remote Code Execution in IKEv2 Processing Vulnerability (CVE-2026- 0263):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Remote Code Execution
2. PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) Enabled Vulnerability (CVE-2026-0265):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Security Bypass
Sample of the affected products:
- PAN-OS.
- Prisma Access & Prisma Access Agent (Endpoint DLP).
- WildFire WF-500 and WF-500-B.
- GlobalProtect App.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.