Palo-Alto-Networks

A buffer overflow vulnerability in Palo Alto Networks PAN-OS IKEv2 processing (CVE-2026-0263) allows unauthenticated network-based attackers to execute arbitrary code with elevated privileges or cause a denial of service, affecting versions 12.1, 11.2, and 11.1 when configured with Post Quantum Cryptography (PQC).

CVE-2026-0261 describes multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software that allow an authenticated administrator to bypass system restrictions and execute arbitrary commands as root.

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database, potentially leading to sensitive data exposure, data modification, and privilege escalation.

CVE-2026-0241 describes multiple incorrect authorization vulnerabilities in Palo Alto Networks Trust Protection Foundation that allow attackers to bypass access controls and perform unauthorized actions on restricted resources.

CVE-2026-0258 is a medium severity server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations, potentially leading to a denial of service (DoS).

CVE-2026-0240 is a medium severity information disclosure vulnerability in Palo Alto Networks Trust Protection Foundation, allowing an authenticated attacker to obtain sensitive information from the server's vault, potentially leading to user impersonation and arbitrary modification of configuration settings.

Multiple local privilege escalation vulnerabilities exist in Palo Alto Networks GlobalProtect App, allowing a local user to escalate privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux, enabling arbitrary command execution with administrative privileges.