Back to overview

CVE-2026-0288

HIGH
7.2
CVSS 4.0
Description
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. . Panorama is not impacted by this vulnerability.

Metadata

CVE ID
CVE-2026-0288
State
PUBLISHED
Assigner
palo_alto
Reserved
2025-11-03 20:44 UTC
Published
2026-07-08 20:14 UTC
Last updated
2026-07-08 20:21 UTC
Primary CWE
CWE-787
CWE-787 Out-of-bounds Write
Vendor / Product
Palo Alto Networks / Cloud NGFW
Sources
cve.org  ·  NVD

Severity & Metrics

7.2 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red
Affected products (3)
VendorProductPlatformVersions
Palo Alto Networks Cloud NGFW AWS,Azure All
Palo Alto Networks PAN-OS 12.1.0 < 12.1.8, 11.2.0 < 11.2.13, 11.1.0 < 11.1.16, 10.2.0 < 10.2.7-h36
Palo Alto Networks Prisma Access 11.2.0 < 11.2.7-h18, 10.2.0 < 10.2.10-h39
Weakness (CWE)
CWESourceDescription
CWE-787 cna CWE-787 Out-of-bounds Write
CVSS scores (3)
ScoreSeverityVersionSourceVector
7.2 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Red
5.2 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber
4.8 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/AU:N/R:U/V:D/RE:M/U:Amber
References (1)
Back to overview