Back to search
CVE-2026-0258
Published: May 13, 2026
Modified: May 13, 2026
PUBLISHED
Description
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition. Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.
| Vendor | Product | Versions |
|---|---|---|
Palo Alto Networks | Cloud NGFW | unaffected All |
Palo Alto Networks | PAN-OS | affected 12.1.0 - < 12.1.7, 12.1.4-h5affected 11.2.0 - < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17affected 11.1.0 - < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33affected 10.2.0 - < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 |
Palo Alto Networks | Prisma Access | unaffected All |
Weaknesses (CWE)
References
https://security.paloaltonetworks.com/CVE-2026-0258
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now