Skip to content
Threat Feed

Product

Prisma Access 10.2.0

3 briefs RSS
high threat

CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent

Palo Alto Networks has disclosed multiple buffer overflow vulnerabilities (CVE-2026-0288) in their PAN-OS User-ID Terminal Server Agent (TSA) component, which an unauthenticated attacker with network access can exploit by sending specially crafted network traffic to cause a denial of service (DoS) or potentially achieve arbitrary code execution, affecting various versions of PAN-OS, Cloud NGFW, and Prisma Access if the TSA is exposed to untrusted networks.

exploited Cloud NGFW +6 network vulnerability cve palo-alto-networks denial-of-service remote-code-execution
3t
low threat

CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities

Palo Alto Networks has disclosed multiple low-severity cross-site scripting (XSS) vulnerabilities, CVE-2026-0279, in PAN-OS software affecting the User-ID Authentication Portal, GlobalProtect gateway/portal features, and Clientless VPN, which could allow a malicious unauthenticated user to inject and execute JavaScript in a victim's browser.

exploited PAN-OS 12.1 +8 xss vulnerability firewall network-device web-application
2t
medium threat

CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing

Multiple denial of service vulnerabilities, tracked as CVE-2026-0287, in Palo Alto Networks PAN-OS software allow an unauthenticated attacker to cause a DoS condition by sending specially crafted network traffic, potentially forcing the firewall into maintenance mode.

exploited PAN-OS 12.1 +6 denial-of-service vulnerability network firewall palo-alto-networks
1t