CVE-2026-0286 PUBLISHED

PAN-OS: Authenticated Command Injection in CLI

Assigner: palo_alto
Reserved: 03.11.2025 Published: 09.07.2026 Updated: 09.07.2026

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.

This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).

Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
CVSS Score: 6

Product Status

Vendor Palo Alto Networks
Product Cloud NGFW
Versions Default: unaffected
  • Version All is unaffected
Vendor Palo Alto Networks
Product PAN-OS
Versions Default: unaffected
  • affected from 12.1.0 to 12.1.8 (excl.)
  • affected from 11.2.0 to 11.2.13 (excl.)
  • affected from 11.1.0 to 11.1.16 (excl.)
  • affected from 10.2.0 to 10.2.18-h8 (excl.)
Vendor Palo Alto Networks
Product Prisma Access
Versions Default: unaffected
  • Version All is unaffected

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

  • Curious of TRAPA Security finder
  • our internal security research teams finder

References

Problem Types

  • CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE

Impacts

  • CAPEC-88 OS Command Injection