{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ikev2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PAN-OS 12.1","PAN-OS 11.2","PAN-OS 11.1"],"_cs_severities":["high"],"_cs_tags":["rce","dos","ikev2","palo-alto-networks","firewall"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks"],"content_html":"\u003cp\u003eCVE-2026-0263 is a buffer overflow vulnerability affecting Palo Alto Networks PAN-OS software. This vulnerability resides in the processing of IKEv2 when Post Quantum Cryptography (PQC) is enabled. An unauthenticated, network-based attacker can exploit this flaw to achieve remote code execution (RCE) with elevated privileges on the firewall or trigger a denial-of-service (DoS) condition. The vulnerability impacts PAN-OS versions 12.1 prior to 12.1.4-h5 and 12.1.7, 11.2 prior to 11.2.4-h17, 11.2.7-h13, 11.2.10-h6 and 11.2.12, and 11.1 prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 and 11.1.15. Exploitation requires the use of IKEv2 VPN tunnels configured with PQC. Panorama, Cloud NGFW, and Prisma Access are not affected by this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a crafted IKEv2 packet to a vulnerable PAN-OS firewall.\u003c/li\u003e\n\u003cli\u003eThe firewall processes the malicious IKEv2 packet using the vulnerable IKEv2 processing module.\u003c/li\u003e\n\u003cli\u003eDue to the buffer overflow in the IKEv2 processing logic when PQC is enabled, the attacker\u0026rsquo;s payload overwrites adjacent memory regions.\u003c/li\u003e\n\u003cli\u003eThe overwritten memory contains critical system code or data.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the execution flow by overwriting a function pointer or return address.\u003c/li\u003e\n\u003cli\u003eThe attacker injects and executes arbitrary code with elevated privileges on the firewall.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker causes a denial-of-service (DoS) condition by corrupting system data, leading to a crash.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution or causes a denial of service on the affected firewall.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0263 allows an unauthenticated attacker to execute arbitrary code with elevated privileges on the firewall. This can lead to complete system compromise, including data exfiltration, modification of firewall policies, and disruption of network services. Alternatively, the attacker can cause a denial-of-service (DoS) condition, impacting network availability and business operations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PAN-OS to the fixed versions: 12.1.4-h5 or later, 12.1.7 or later, 11.2.4-h17 or later, 11.2.7-h13 or later, 11.2.10-h6 or later, 11.2.12 or later, 11.1.4-h33 or later, 11.1.6-h32 or later, 11.1.7-h6 or later, 11.1.10-h25 or later, 11.1.13-h5 or later, 11.1.15 or later, as detailed in the Palo Alto Networks advisory for CVE-2026-0263.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, mitigate the vulnerability by configuring IKEv2 VPN tunnels only with NIST-approved Post Quantum Cryptography (PQC) ciphers, as mentioned in the advisory for CVE-2026-0263.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for anomalous IKEv2 packets, especially those with unusual sizes or structures, using network intrusion detection systems (NIDS).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:07:03Z","date_published":"2026-05-13T16:07:03Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-0263-panos-rce/","summary":"A buffer overflow vulnerability in Palo Alto Networks PAN-OS IKEv2 processing (CVE-2026-0263) allows unauthenticated network-based attackers to execute arbitrary code with elevated privileges or cause a denial of service, affecting versions 12.1, 11.2, and 11.1 when configured with Post Quantum Cryptography (PQC).","title":"CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-0263-panos-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Ikev2","version":"https://jsonfeed.org/version/1.1"}