Palo Alto Security Updates – 11 June 2026

Palo Alto has released security updates to address several vulnerabilities affecting multiple Palo Alto products.

The addressed vulnerabilities could allow the attacker to conduct cross-site scripting and man-in-the-middle attacks, manipulate data, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to affected systems.

Sample of the addressed vulnerabilities:

1. Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ Integration Vulnerability (CVE-2026-0274):

  • CVSS: 8.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. PAN-OS: Authenticated Admin Command Injection via CLI or Web UI Vulnerability (CVE-2026-0273):

  • CVSS: 6.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Security Bypass

Sample of the affected products:

  • Cortex XSIAM CommvaultSecurityIQ Marketplace.
  • Prisma Access and Prisma Access Agent.
  • Cortex XSOAR.
  • PAN-OS.
Vulnerabilities
  • CVE-2026-0274
  • CVE-2026-0273
  • CVE-2026-0272
  • CVE-2026-0271
  • CVE-2026-0270
  • CVE-2026-0269
  • CVE-2026-0268
  • CVE-2026-0267
  • CVE-2026-0266
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Palo Alto Security Advisory

References