{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/pan-os--12.1.8/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PAN-OS \u003c 12.1.4-h8","PAN-OS \u003c 12.1.7-h2","PAN-OS \u003c 12.1.8","PAN-OS \u003c 11.2.4-h20","PAN-OS \u003c 11.2.7-h18","PAN-OS \u003c 11.2.10-h11","PAN-OS \u003c 11.2.13","PAN-OS \u003c 11.1.4-h35","PAN-OS \u003c 11.1.6-h35","PAN-OS \u003c 11.1.7-h8","PAN-OS \u003c 11.1.10-h30","PAN-OS \u003c 11.1.13-h9","PAN-OS \u003c 11.1.16","PAN-OS \u003c 10.2.7-h36","PAN-OS \u003c 10.2.10-h39","PAN-OS \u003c 10.2.13-h23","PAN-OS \u003c 10.2.16-h9","PAN-OS \u003c 10.2.18-h8"],"_cs_severities":["medium"],"_cs_tags":["server-side-request-forgery","ssrf","vulnerability","pan-os","palo-alto-networks","network-device"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks"],"content_html":"\u003cp\u003ePalo Alto Networks has disclosed CVE-2026-0285, a Server-Side Request Forgery (SSRF) vulnerability affecting their PAN-OS software's management web interface. This issue, internally discovered, enables an authenticated administrator with network access to the management interface to force the firewall to make unauthorized requests to internal services. While currently unreported as being maliciously exploited, the vulnerability carries a medium severity rating. Its risk is elevated if the management interface is directly exposed to the internet or untrusted networks, contrary to best practices. Versions of PAN-OS 10.2, 11.1, 11.2, and 12.1 are affected by this flaw, which could facilitate network reconnaissance or bypass internal network segmentation. Panorama, Cloud NGFW, and Prisma® Access products are not impacted.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access\u003c/strong\u003e: An attacker gains authenticated access to the Palo Alto Networks PAN-OS management web interface, likely through stolen credentials (T1078) or a prior compromise.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Exploitation\u003c/strong\u003e: The authenticated administrator crafts a malicious request leveraging the SSRF vulnerability (CVE-2026-0285, CWE-918) within the PAN-OS management web interface.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFirewall-Initiated Request\u003c/strong\u003e: The vulnerable PAN-OS firewall is tricked into initiating an arbitrary HTTP/S request from its own network context to a target specified by the attacker.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInternal Network Access\u003c/strong\u003e: The firewall, acting as an unwitting proxy, makes the unauthorized request to an internal service or host that is typically not directly reachable by the attacker's client.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInformation Disclosure/Service Interaction\u003c/strong\u003e: The firewall processes the response from the internal service and potentially relays sensitive information or the results of service interaction back to the authenticated administrator via the management interface.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement/Reconnaissance\u003c/strong\u003e: The attacker uses the disclosed information or the ability to interact with internal services to conduct further reconnaissance, identify vulnerable internal systems, or bypass network segmentation, leading to deeper network compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0285 could enable an authenticated administrator to bypass network segmentation controls, conduct internal network reconnaissance, or interact with sensitive internal services that would otherwise be inaccessible. While no malicious exploitation has been reported, this could lead to unauthorized information disclosure from internal systems, expose vulnerable internal services, or facilitate lateral movement within an organization's network. The risk of impact is significantly higher for organizations that do not adhere to best practices by exposing their PAN-OS management interfaces to untrusted networks or the internet.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch CVE-2026-0285 by upgrading all affected PAN-OS instances to the recommended fixed versions listed in the advisory, such as PAN-OS 12.1.8+, 11.2.13+, 11.1.16+, or 10.2.18-h8+.\u003c/li\u003e\n\u003cli\u003eRestrict management interface access to only trusted internal IP addresses, ensuring that external or untrusted networks cannot reach the PAN-OS management interface, as noted in the \u003ccode\u003eRecommendation\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eFor customers with a Threat Prevention subscription, enable Threat ID 510030 by updating to Applications and Threats content version 9122-10145 or later and ensure SSL Decryption is enabled for inbound traffic to management services.\u003c/li\u003e\n\u003cli\u003eReview network configurations to confirm management interfaces are isolated and follow Palo Alto Networks' best practice deployment guidelines for securing administrative access.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T16:14:04Z","date_published":"2026-07-08T16:14:04Z","id":"https://feed.craftedsignal.io/briefs/2026-07-panos-ssrf/","summary":"A server-side request forgery (SSRF) vulnerability, tracked as CVE-2026-0285, exists in the management web interface of Palo Alto Networks PAN-OS software, allowing an authenticated administrator with network access to make unauthorized requests from the firewall to internal services, potentially leading to information disclosure or further network compromise.","title":"CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface","url":"https://feed.craftedsignal.io/briefs/2026-07-panos-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed - PAN-OS \u003c 12.1.8","version":"https://jsonfeed.org/version/1.1"}