{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/prisma-sd-wan/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Prisma SD-WAN ION"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","network","Prisma SD-WAN"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks"],"content_html":"\u003cp\u003eA denial-of-service (DoS) vulnerability, identified as CVE-2026-0243, affects Palo Alto Networks Prisma SD-WAN ION devices. An unauthenticated attacker, positioned in a network adjacent to a vulnerable device, can exploit this flaw by transmitting a specially crafted IPv6 packet. Successful exploitation results in a system disruption, impacting availability. The vulnerability affects Prisma SD-WAN ION versions prior to 6.5.3-b15, 6.4.3-b8, and 6.3.6-b10. The device must have IPv6 enabled for the vulnerability to be exploitable. 
Palo Alto Networks internally discovered this issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a target Prisma SD-WAN ION device with IPv6 enabled.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious IPv6 packet specifically designed to trigger the DoS vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker transmits the crafted IPv6 packet to the target Prisma SD-WAN ION device from an adjacent network.\u003c/li\u003e\n\u003cli\u003eThe device receives and processes the malicious IPv6 packet.\u003c/li\u003e\n\u003cli\u003eThe processing of the crafted packet triggers excessive resource allocation or an unchecked loop condition.\u003c/li\u003e\n\u003cli\u003eThe device\u0026rsquo;s system resources (CPU, memory) become exhausted due to the excessive resource allocation.\u003c/li\u003e\n\u003cli\u003eThe device becomes unresponsive and unable to process legitimate network traffic.\u003c/li\u003e\n\u003cli\u003eThe Prisma SD-WAN ION device experiences a denial-of-service condition, disrupting network operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0243 results in a denial-of-service condition on affected Prisma SD-WAN ION devices. This disruption can lead to network outages, impacting business operations that rely on the SD-WAN infrastructure. 
Palo Alto Networks is not aware of any malicious exploitation of this issue in the wild.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Prisma SD-WAN ION to version 6.5.3-b15, 6.4.3-b8, or 6.3.6-b10 or later to remediate CVE-2026-0243.\u003c/li\u003e\n\u003cli\u003eAs a workaround, disable IPv6 on Prisma SD-WAN ION devices if it is not required.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious IPv6 Traffic to Prisma SD-WAN ION\u0026rdquo; to identify potentially malicious IPv6 packets targeting Prisma SD-WAN devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:08:49Z","date_published":"2026-05-13T16:08:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-0243-prisma-sdwan-dos/","summary":"An unauthenticated, adjacent attacker can disrupt Palo Alto Networks Prisma SD-WAN ION devices by sending a specially crafted IPv6 packet, leading to a denial-of-service condition.","title":"CVE-2026-0243: Prisma SD-WAN Denial-of-Service via Crafted IPv6 Packet","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-0243-prisma-sdwan-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Prisma SD-WAN","version":"https://jsonfeed.org/version/1.1"}