CVE-2026-0265 PUBLISHED

PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

Assigner: palo_alto
Reserved: 03.11.2025 Published: 13.05.2026 Updated: 14.05.2026

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.

The risk is higher when an authentication profile using CAS is enabled on the management interface, and lower when CAS is used only on other login interfaces.

The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).

Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red
CVSS Score: 7.2

The risk is highest when you allow access to the management interface from external IP addresses on the internet.

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
CVSS Score: 4.8

If you restrict management-interface access to a jump box that is the only system allowed to reach it, you greatly reduce the risk of exploitation, because an attacker would first need privileged access to that jump box and would have to originate from one of its permitted IP addresses.

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
CVSS Score: 2.7

If an authentication profile with CAS is enabled on any other login-based interface (rather than the management interface), the risk is lower.

Product Status

Vendor Palo Alto Networks
Product Cloud NGFW
Versions Default: unaffected
  • Version All is unaffected
Vendor Palo Alto Networks
Product PAN-OS
Versions Default: unaffected
  • 12.1: affected from 12.1.0 up to, but not including, 12.1.7 and 12.1.4-h5
  • 11.2: affected from 11.2.0 up to, but not including, 11.2.12, 11.2.10-h6, 11.2.7-h13 and 11.2.4-h17
  • 11.1: affected from 11.1.0 up to, but not including, 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32 and 11.1.4-h33
  • 10.2: affected from 10.2.0 up to, but not including, 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36 and 10.2.7-h34
Vendor Palo Alto Networks
Product Prisma Access
Versions Default: unaffected
  • Version All is unaffected
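
The fixed-version list above mixes a general fix per release train (for example 12.1.7) with hotfixes that only cover one maintenance release (12.1.4-h5 covers 12.1.4, not 12.1.5 or 12.1.6). The following script is an added example, not part of the CVE record or of Palo Alto Networks' tooling; it checks an inventory of PAN-OS version strings against the ranges as transcribed from this advisory. It assumes the advisory's semantics: upper bounds are exclusive, the highest listed version in a train is the general fix, a hotfix fix applies only to its own maintenance release, and trains not listed are unaffected ("Default: unaffected"). It checks versions only; it does not determine whether CAS is enabled or where the management interface is exposed, which is what actually drives the three CVSS scores above.

```python
import re

# Fixed versions per release train, transcribed from the Product Status section
# of CVE-2026-0265. Interpretation (an assumption of this example): the highest
# entry is the train's general fix; a hotfix entry such as 12.1.4-h5 fixes only
# that maintenance release, so 12.1.5 and 12.1.6 remain affected until 12.1.7.
FIXED = {
    (12, 1): ["12.1.7", "12.1.4-h5"],
    (11, 2): ["11.2.12", "11.2.10-h6", "11.2.7-h13", "11.2.4-h17"],
    (11, 1): ["11.1.15", "11.1.13-h5", "11.1.10-h25", "11.1.7-h6",
              "11.1.6-h32", "11.1.4-h33"],
    (10, 2): ["10.2.18-h6", "10.2.16-h7", "10.2.13-h21", "10.2.10-h36",
              "10.2.7-h34"],
}

# major.minor.maint with an optional -hN hotfix suffix, e.g. "11.1.10-h25"
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(s: str) -> tuple[int, int, int, int]:
    """Parse 'major.minor.maint[-hN]' into (major, minor, maint, hotfix).

    A release without a hotfix suffix gets hotfix 0, so that a hotfix of the
    same maintenance release always compares greater than its base.
    """
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {s!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_affected(version: str) -> bool:
    """True if the version falls inside an affected range of the advisory."""
    major, minor, maint, hotfix = parse_version(version)
    fixes = FIXED.get((major, minor))
    if fixes is None:
        return False  # train not listed: "Default: unaffected"
    parsed = [parse_version(f) for f in fixes]
    general = max(parsed)  # highest listed fix = the train's general fix
    if maint > general[2]:
        return False  # a maintenance release after the general fix
    for f in parsed:
        # exact maintenance release match: fixed from that hotfix onward
        # (covers the general fix too, whose hotfix number is 0)
        if maint == f[2] and hotfix >= f[3]:
            return False
    return True  # every listed train starts at x.y.0, so anything below is affected


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> 'affected' / 'fixed' for a {host: version} inventory."""
    return {host: ("affected" if is_affected(ver) else "fixed")
            for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "fw-edge-1": "12.1.6",        # below 12.1.7, no hotfix fix for 12.1.6
        "fw-edge-2": "12.1.4-h5",     # exactly the hotfix fix
        "fw-dc-1": "10.2.18",         # base of 10.2.18, fix is 10.2.18-h6
        "fw-dc-2": "10.2.19",         # later than the general fix
        "panorama-1": "11.1.10-h25",  # exactly the hotfix fix
        "fw-lab": "11.0.4",           # train not in the advisory
    }
    for host, status in triage(sample).items():
        print(f"{host:12s} {sample[host]:12s} {status}")
```

The important edge case is a hotfix-fixed maintenance release: 12.1.4-h4 is affected and 12.1.4-h5 is fixed, while 12.1.5 and 12.1.6 are affected even though they sort above 12.1.4-h5. Treat the output as a version check only; a "fixed" result still says nothing about whether CAS is enabled or the management interface is reachable.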

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

  • Palo Alto Networks thanks Harsh Jaiswal from Hacktron AI and our internal security research teams for discovering and reporting this issue.

Problem Types

  • CWE-347 Improper Verification of Cryptographic Signature

Impacts

  • CAPEC-115 Authentication Bypass