{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-0265/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PAN-OS","Panorama (virtual and M-Series)","PA-Series","VM-Series firewalls"],"_cs_severities":["high"],"_cs_tags":["authentication-bypass","cve-2026-0265","network"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks"],"content_html":"\u003cp\u003eAn authentication bypass vulnerability exists in Palo Alto Networks PAN-OS software when Cloud Authentication Service (CAS) is enabled. An unauthenticated attacker with network access can bypass authentication controls. The risk is higher if CAS is enabled on the management interface and lower when other login interfaces are used. This issue affects PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access are not impacted. Successful exploitation allows unauthorized access to the affected PAN-OS device, potentially leading to configuration changes, data compromise, or service disruption. Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable PAN-OS device with CAS enabled on a login interface.\u003c/li\u003e\n\u003cli\u003eAttacker gains network access to the PAN-OS device.\u003c/li\u003e\n\u003cli\u003eAttacker sends a crafted request to the PAN-OS device, bypassing the CAS authentication check.\u003c/li\u003e\n\u003cli\u003ePAN-OS improperly verifies the cryptographic signature, allowing the bypass.\u003c/li\u003e\n\u003cli\u003eThe device grants the attacker unauthorized access.\u003c/li\u003e\n\u003cli\u003eAttacker accesses sensitive configuration data.\u003c/li\u003e\n\u003cli\u003eAttacker modifies the PAN-OS device configuration.\u003c/li\u003e\n\u003cli\u003eAttacker disrupts services or exfiltrates data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0265 can lead to complete compromise of the affected Palo Alto Networks PAN-OS device. An attacker can gain unauthorized access to sensitive configuration data, modify device settings, disrupt network services, or potentially exfiltrate sensitive information. The impact is higher when CAS is enabled on the management interface, potentially affecting critical infrastructure management. Palo Alto Networks is not aware of any malicious exploitation of this issue, but the potential for significant impact remains high for exposed systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PAN-OS to a fixed version according to the table provided in the Palo Alto Networks advisory. Specifically, upgrade to PAN-OS 12.1.7, 11.2.12, 11.1.15, or 10.2.18-h6 or later versions.\u003c/li\u003e\n\u003cli\u003eApply the workaround to secure access to the management interface by restricting access to only trusted internal IP addresses, as described in the Palo Alto Networks LIVEcommunity article and technical documentation.\u003c/li\u003e\n\u003cli\u003eAs an alternative mitigation, disable the Cloud Authentication Service (CAS) by changing the associated authentication profile to SAML, RADIUS, or other supported authentication methods.\u003c/li\u003e\n\u003cli\u003eCustomers with a Threat Prevention subscription should enable Threat ID 510008 from Applications and Threats content version 9100-10044 and later to block attacks for this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:07:50Z","date_published":"2026-05-13T16:07:50Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-0265-panos-auth-bypass/","summary":"CVE-2026-0265 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS when Cloud Authentication Service (CAS) is enabled, allowing an unauthenticated attacker with network access to bypass authentication controls, impacting confidentiality, integrity, and availability.","title":"CVE-2026-0265 PAN-OS Authentication Bypass with Cloud Authentication Service (CAS)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-0265-panos-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-0265","version":"https://jsonfeed.org/version/1.1"}