Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0272

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-10 Jun, 2026 | 21:01
Updated At-11 Jun, 2026 | 10:17
Rejected At-
Credits

PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:10 Jun, 2026 | 21:01
Updated At:11 Jun, 2026 | 10:17
Rejected At:
▼CVE Numbering Authority (CNA)
PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cloud NGFW
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
PAN-OS
CPEs
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 12.1.0 before 12.1.4-h7 (custom)
    • -> unaffectedfrom12.1.4-h7
    • -> unaffectedfrom12.1.5
  • From 11.2.0 before 11.2.4-h18 (custom)
    • -> unaffectedfrom11.2.4-h18
    • -> unaffectedfrom11.2.7-h16
    • -> unaffectedfrom11.2.10-h9
    • -> unaffectedfrom11.2.11
  • From 11.1.0 before 11.1.4-h34 (custom)
    • -> unaffectedfrom11.1.4-h34
    • -> unaffectedfrom11.1.6-h33
    • -> unaffectedfrom11.1.7-h7
    • -> unaffectedfrom11.1.10-h27
    • -> unaffectedfrom11.1.13-h7
    • -> unaffectedfrom11.1.14
  • From 10.2.0 before 10.2.7-h35 (custom)
    • -> unaffectedfrom10.2.7-h35
    • -> unaffectedfrom10.2.10-h37
    • -> unaffectedfrom10.2.13-h22
    • -> unaffectedfrom10.2.16-h8
    • -> unaffectedfrom10.2.18-h5
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Prisma Access
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
4.06.0MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber
4.05.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber
Version: 4.0
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:C/RE:M/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions

VERSION MINOR VERSION RANGE SUGGESTED SOLUTION Cloud NGFW No action needed. PAN-OS 12.1 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h7 or 12.1.5 or later. PAN-OS 11.2 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h9 or 11.2.11 or later. 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h16 or 11.2.11 or later. 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h18 or 11.2.11 or later. PAN-OS 11.1 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h7 or 11.1.14 or later. 11.1.7 through 11.1.10-h* Upgrade to 11.1.10-h27 or 11.1.14 or later. 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h33 or 11.1.14 or later. 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h34 or 11.1.14 or later. PAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h5 or later. 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h8 or 10.2.18-h5 or later. 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h22 or 10.2.18-h5 or later. 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h37 or 10.2.18-h5 or later. 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h35 or 10.2.18-h5 or later. All other older Upgrade to a supported fixed version. unsupported PAN-OS versions Prisma Access No action needed.

Configurations

No special configuration is required to be affected by this issue.

Workarounds

The vast majority of firewalls already follow Palo Alto Networks' and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses. Review information about how to secure management access to your Palo Alto Networks firewalls: * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431) * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
other
Palo Alto Networks thanks an external reporter, Frigo, for discovering and reporting this issue.
Timeline
EventDate
Initial publication.2026-06-10 16:00:00
Event: Initial publication.
Date: 2026-06-10 16:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2026-0272
vendor-advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0272
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:10 Jun, 2026 | 22:16
Updated At:11 Jun, 2026 | 15:21

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.0MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Type: Secondary
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondarypsirt@paloaltonetworks.com
CWE ID: CWE-862
Type: Secondary
Source: psirt@paloaltonetworks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2026-0272psirt@paloaltonetworks.com
N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0272
Source: psirt@paloaltonetworks.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2026-0246
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 4.02%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 18:51
Updated-13 May, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prisma Access Agent: Local Privilege Escalation Vulnerability

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and read sensitive information otherwise accessible only to privileged accounts. The Prisma Access Agent on iOS, Android and Chrome OS are not affected.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Prisma Access Agent
CWE ID-CWE-862
Missing Authorization
CVE-2020-1996
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.91% / 55.26%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Panorama management server log injection

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-862
Missing Authorization
Details not found