Palo Alto Networks Family May 2026 Security Update Advisory
Overview
Palo Alto Networks has issued security updates that address vulnerabilities in several of its products. Affected products include Cloud NGFW, PAN-OS, Prisma Access, WildFire WF-500 and WF-500-B, GlobalProtect App, Prisma Access Agent, Prisma SD-WAN ION, Trust Protection Foundation, Chronosphere Chronocollector, and Prisma Browser.
Vulnerabilities Resolved
The main vulnerabilities are as follows.
- An authentication bypass vulnerability (CVE-2026-0265, CVSS 9.2) was identified in Cloud NGFW, PAN-OS, and Prisma Access that could allow access without authentication when CAS is enabled.
- An arbitrary code execution vulnerability (CVE-2026-0264, CVSS 9.2) and another arbitrary code execution vulnerability (CVE-2026-0263, CVSS 9.2) were identified in Cloud NGFW, PAN-OS, and Prisma Access.
- Also identified in Cloud NGFW, PAN-OS, and Prisma Access were a data plane interface vulnerability (CVE-2026-0262, CVSS 8.7), a root user exposure vulnerability (CVE-2026-0261, CVSS 8.6), a denial of service (DoS) vulnerability (CVE-2026-0258, CVSS 8.3), an authentication bypass vulnerability that could allow VPN access without authentication (CVE-2026-0257, CVSS 7.8), and a JavaScript payload vulnerability in the web interface (CVE-2026-0256, CVSS 6.9).
- A vulnerability (CVE-2026-0259, CVSS 7.1) was identified in WildFire WF-500 and WF-500-B that could allow arbitrary file reading and deletion.
- Three vulnerabilities were identified in the GlobalProtect App: one that could allow a local user to access the system with elevated privileges (CVE-2026-0251, CVSS 8.5), one that could allow malware execution (CVE-2026-0250, CVSS 7.7), and one that could allow encrypted communications to be intercepted (CVE-2026-0249, CVSS 7.6).
- The following were identified: a vulnerability in Prisma Access Agent that could allow communication content to be intercepted (CVE-2026-0248, CVSS 8.6), a vulnerability in Prisma Access Agent (Endpoint DLP) that could allow access restrictions to be bypassed (CVE-2026-0247, CVSS 8.5), a vulnerability in Prisma Access Agent (Endpoint DLP) that could allow a regular user to gain the highest privileges (CVE-2026-0246, CVSS 8.5), and a vulnerability that could expose sensitive configuration information and account information (CVE-2026-0245, CVSS 6.8).
- Two vulnerabilities were identified in Prisma SD-WAN ION: a device vulnerability that could allow forged device-to-device communication (CVE-2026-0244, CVSS 7.7) and a vulnerability that could cause issues with crafted network packets (CVE-2026-0243, CVSS 7.1).
- In Trust Protection Foundation, an arbitrary database command execution vulnerability (CVE-2026-0242, CVSS 8.6), an access privilege bypass vulnerability (CVE-2026-0241, CVSS 7.2), and an internal sensitive information disclosure vulnerability (CVE-2026-0240, CVSS 7.4) were identified.
- A vulnerability (CVE-2026-0239, CVSS 7.1) was identified in Chronosphere Chronocollector that could allow sensitive information to be viewed without authentication.
- Prisma Browser is affected by an external browser security vulnerability (PAN-SA-2026-0007, CVSS 8.6).
Vulnerability Patch
Patch information was also released. Product-specific fixes were provided for Cloud NGFW, PAN-OS, Prisma Access, WildFire WF-500 and WF-500-B, GlobalProtect App, Prisma Access Agent, Prisma SD-WAN ION, Trust Protection Foundation, Chronosphere Chronocollector, and Prisma Browser, with ETAs of 05/28, 06/04, and 05/20 for some versions. Users of these products should update to the latest version as announced.