Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0264

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-13 May, 2026 | 17:40
Updated At-14 May, 2026 | 03:56
Rejected At-
Credits

PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:13 May, 2026 | 17:40
Updated At:14 May, 2026 | 03:56
Rejected At:
▼CVE Numbering Authority (CNA)
PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cloud NGFW
Platforms
  • AWS
  • Azure
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
PAN-OS
CPEs
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 12.1.0 before 12.1.7, 12.1.4-h5 (custom)
    • -> unaffectedfrom12.1.4-h5
    • -> unaffectedfrom12.1.7
  • From 11.2.0 before 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 (custom)
    • -> unaffectedfrom11.2.4-h17
    • -> unaffectedfrom11.2.7-h13
    • -> unaffectedfrom11.2.10-h6
    • -> unaffectedfrom11.2.12
  • From 11.1.0 before 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 (custom)
    • -> unaffectedfrom11.1.4-h33
    • -> unaffectedfrom11.1.6-h32
    • -> unaffectedfrom11.1.7-h6
    • -> unaffectedfrom11.1.10-h25
    • -> unaffectedfrom11.1.13-h5
    • -> unaffectedfrom11.1.15
  • From 10.2.0 before 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 (custom)
    • -> unaffectedfrom10.2.7-h34
    • -> unaffectedfrom10.2.10-h36
    • -> unaffectedfrom10.2.13-h21
    • -> unaffectedfrom10.2.16-h7
    • -> unaffectedfrom10.2.18-h6
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Prisma Access
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.07.2HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red
4.06.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber
Version: 4.0
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red
Version: 4.0
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

VERSION MINOR VERSION SUGGESTED SOLUTION Cloud NGFW No action needed PAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later. 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later. PAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later. 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later. 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.10 or later. 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.7 or later. PAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later. 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later. 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later. 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later. 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later. 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later. PAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later. 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later. 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later. 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later. 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later. Prisma Access No action needed. All older unsupported PAN-OS versions Upgrade to a supported fixed version.

Configurations

This issue is applicable only to PAN-OS firewalls if either of the following conditions are true: 1. DNS Proxy is enabled (Network > DNS Proxy) AND a network interface is attached to DNS Proxy. OR 2. The DNS server (Device > Setup > Services) configured on NGFW is a compromised public untrusted IP address. The risk is higher if the interface is externally exposed to an untrusted network. Further documentation on configuring DNS Proxy can be found here (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK).

Workarounds

Customers can mitigate the risk of this issue by taking either of the following actions: Action 1: * Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface; AND * Configure DNS server with a RFC1918 or a public trusted IP address. OR Action 2: * Disable the DNS Proxy feature (Network > DNS Proxy) if it is not being used; AND * Configure DNS server with a RFC1918 or a public trusted IP address. Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027 from Applications and Threats content version 9100-10044 and later.

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
other
Palo Alto Networks thanks an external reporter and our internal security research teams for discovering and reporting this issue.
Timeline
EventDate
Initial Publication.2026-05-13 16:00:00
Event: Initial Publication.
Date: 2026-05-13 16:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2026-0264
vendor-advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0264
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:13 May, 2026 | 18:16
Updated At:13 May, 2026 | 18:17

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.2HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red
Type: Secondary
Version: 4.0
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-122Secondarypsirt@paloaltonetworks.com
CWE ID: CWE-122
Type: Secondary
Source: psirt@paloaltonetworks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2026-0264psirt@paloaltonetworks.com
N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0264
Source: psirt@paloaltonetworks.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2026-0263
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.57%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 17:47
Updated-14 May, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Prisma AccessCloud NGFWPAN-OS
CWE ID-CWE-787
Out-of-bounds Write
Details not found