CVE-2026-0280
LOW
1.7
CVSS 4.0
Description
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
Metadata
Severity & Metrics
1.7
LOW CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber
SSVC — CISA Coordinator
Affected products (4)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW | — | All |
| Palo Alto Networks | PAN-OS | — | 12.1.0 < 12.1.8, 11.2.0 < 11.2.13, 11.1.0 < 11.1.16, 10.2.0 < 10.2.18-h8 |
| Palo Alto Networks | Panorama | — | All |
| Palo Alto Networks | Prisma Access | — | 11.2.0 < 11.2.7-h18, 10.2.0 < 10.2.10-h39 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-131 | cna | CWE-131 Incorrect Calculation of Buffer Size |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 1.7 | LOW | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber |
References (1)