{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0257", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:17.691Z", "datePublished": "2026-05-13T18:15:10.172Z", "dateUpdated": "2026-05-29T19:58:23.585Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-29T17:20:05.451Z"}, "title": "PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-565", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "version": "12.1.0", "lessThan": "12.1.7, 12.1.4-h6", "changes": [{"at": "12.1.7", "status": "unaffected"}, {"at": "12.1.4-h6", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17", "changes": [{"at": "11.2.12", "status": "unaffected"}, {"at": "11.2.10-h7", "status": "unaffected"}, {"at": "11.2.7-h14", "status": "unaffected"}, {"at": "11.2.4-h17", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33", "changes": [{"at": "11.1.15", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.4-h33", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34", "changes": [{"at": "10.2.18-h6", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.7-h34", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "affected", "version": "10.2.0", "lessThan": "10.2.10-h36", "changes": [{"at": "10.2.10-h36", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.7-h13", "changes": [{"at": "11.2.7-h13", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.7_12.1.4-h6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.0", "versionEndExcluding": "11.2.12_11.2.10-h7_11.2.7-h14_11.2.4-h17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.10-h36"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.0", "versionEndExcluding": "11.2.7-h13"}]}]}], "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.\n\nPanorama and Cloud NGFW are not impacted by these issues.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.<br><br>Panorama and Cloud NGFW are not impacted by these issues.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0257", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "ATTACKED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/AU:N/R:A/V:D/RE:M/U:Red"}}], "configurations": [{"lang": "eng", "value": "This issue affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists. To check if authentication cookies are enabled follow the steps below:\n\n\n\nOn the Portal:\n\n1. Navigate to Network > GlobalProtect > Portals in the management interface.\n2. Click on your Portal Name and go to the Agent tab.\n3. Click on your Agent Configuration profile.\n4. Go to the Authentication tab.\n5. Generate cookie for authentication override or Accept cookie for authentication override options are checked.\n\n\nOn the Gateway:\n\n1. Navigate to Network > GlobalProtect > Gateways in the management interface.\n2. Click on your Gateway Name and go to the Agent tab.\n3. Click on your Client Settings profile.\n4. Go to the Authentication Override tab.\n5. Accept cookie for authentication override option is checked.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>This issue affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists. To check if authentication cookies are enabled follow the steps below:</p><p>On the Portal:<br><br>1. Navigate to <b>Network</b> &gt; <b>GlobalProtect</b> &gt; <b>Portals</b> in the management interface.<br>2. Click on your <b>Portal Name</b> and go to the <b>Agent</b> tab.<br>3. Click on your <b>Agent Configuration</b> profile.<br>4. Go to the <b>Authentication</b> tab.<br>5. <b>Generate cookie for authentication override</b> or <b>Accept cookie for authentication override</b> options are checked.<br></p>On the Gateway:<br><br>1. Navigate to <b>Network</b> &gt; <b>GlobalProtect</b> &gt; <b>Gateways</b> in the management interface.<br>2. Click on your <b>Gateway Name</b> and go to the <b>Agent</b> tab.<br>3. Click on your <b>Client Settings</b> profile.<br>4. Go to the <b>Authentication Override</b> tab.<br>5. <b>Accept cookie for authentication override</b> option is checked.<p></p>"}]}], "workarounds": [{"lang": "eng", "value": "Customers can mitigate the risk of this issue by taking any of the following actions:\n\n\n\n\n\n * Use a dedicated certificate for Authentication Override cookies:\u00a0Generate a new certificate exclusively for authentication override cookies and store it securely. Do not reuse the portal or gateway certificate, and do not share this certificate with other features or users.\n * Disable Authentication Override: Uncheck the Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><span>Customers can mitigate the risk of this issue by taking any of the following actions:</span></p><p></p><ul><li><span><b><span>Use a dedicated certificate for </span>Authentication Override cookies:</b>&nbsp;</span><span>Generate a new certificate exclusively for authentication override cookies and store it securely. Do not reuse the portal or gateway certificate, and do not share this certificate with other features or users.</span></li><li><span><b>Disable Authentication Override:</b></span><span> Uncheck the Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration.</span></li></ul><p></p>"}]}], "solutions": [{"lang": "eng", "value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW All\nNo action needed.\n PAN-OS 12.1\n\n 12.1.5 through 12.1.6\n Upgrade to 12.1.7 or later.\n \n \n 12.1.2 through 12.1.4-h*\n Upgrade to 12.1.4-h6 or 12.1.7 or later.\n \n PAN-OS 11.2\n\n 11.2.11 or later\n Upgrade to 11.2.12 or later.\n \n \n 11.2.8 through 11.2.10-h*\n Upgrade to 11.2.10-h7 or 11.2.12 or later.\n \n \n 11.2.5 through 11.2.7-h*\n Upgrade to 11.2.7-h14 or 11.2.12 or later.\n \n \n 11.2.0 through 11.2.4-h*\n Upgrade to 11.2.4-h17 or 11.2.12 or later.\n \n PAN-OS 11.1\n\n 11.1.14 or later\n Upgrade to 11.1.15 or later.\n \n \n 11.1.11 through 11.1.13-h*\n Upgrade to 11.1.13-h5 or 11.1.15 or later.\n \n \n 11.1.8 through 11.1.10-h*\n Upgrade to 11.1.10-h25 or 11.1.15 or later.\n \n \n 11.1.7 through 11.1.7-h*\n Upgrade to 11.1.7-h6 or 11.1.15 or later.\n \n \n 11.1.5 through 11.1.6-h*\n Upgrade to 11.1.6-h32 or 11.1.15 or later.\n \n \n 11.1.0 through 11.1.4-h*\n Upgrade to 11.1.4-h33 or 11.1.15 or later.\n \n PAN-OS 10.2\n\n 10.2.17 through 10.2.18-h*\n Upgrade to 10.2.18 or 10.2.18-h6 or later.\n \n \n 10.2.14 through 10.2.16-h*\n Upgrade to 10.2.16-h7 or 10.2.18 or later.\n \n \n 10.2.11 through 10.2.13-h*\n Upgrade to 10.2.13-h21 or 10.2.18 or later.\n \n \n 10.2.8 through 10.2.10-h*\n Upgrade to 10.2.10-h36 or 10.2.18 or later.\n \n \n 10.2.0 through 10.2.7-h*\n Upgrade to 10.2.7-h34 or 10.2.18 or later.\n All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\n Prisma Access 10.2\n\n 10.2.0 through 10.2.10-h*\n Upgrade to 10.2.10-h36 or later.\n \n Prisma Access 11.2\n\n 11.2.0 through 11.2.7-h*\n Upgrade to 11.2.7-h13 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW All<br></td><td></td><td>No action needed.</td></tr><tr>\n <td>PAN-OS 12.1<br></td>\n <td>12.1.5 through 12.1.6</td>\n <td>Upgrade to 12.1.7 or later.</td>\n </tr><tr>\n <td></td>\n <td>12.1.2 through 12.1.4-h*</td>\n <td>Upgrade to 12.1.4-h6 or 12.1.7 or later.</td>\n </tr><tr>\n <td>PAN-OS 11.2<br></td>\n <td>11.2.11 or later</td>\n <td>Upgrade to 11.2.12 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.2.8 through 11.2.10-h*</td>\n <td>Upgrade to 11.2.10-h7 or 11.2.12 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.2.5 through 11.2.7-h*</td>\n <td>Upgrade to 11.2.7-h14 or 11.2.12 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.2.0 through 11.2.4-h*</td>\n <td>Upgrade to 11.2.4-h17 or 11.2.12 or later.</td>\n </tr><tr>\n <td>PAN-OS 11.1<br></td>\n <td>11.1.14 or later</td>\n <td>Upgrade to 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.11 through 11.1.13-h*</td>\n <td>Upgrade to 11.1.13-h5 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.8 through 11.1.10-h*</td>\n <td>Upgrade to 11.1.10-h25 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.7 through 11.1.7-h*</td>\n <td>Upgrade to 11.1.7-h6 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.5 through 11.1.6-h*</td>\n <td>Upgrade to 11.1.6-h32 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.0 through 11.1.4-h*</td>\n <td>Upgrade to 11.1.4-h33 or 11.1.15 or later.</td>\n </tr><tr>\n <td>PAN-OS 10.2<br></td>\n <td>10.2.17 through 10.2.18-h*</td>\n <td>Upgrade to 10.2.18 or 10.2.18-h6 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.14 through 10.2.16-h*</td>\n <td>Upgrade to 10.2.16-h7 or 10.2.18 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.11 through 10.2.13-h*</td>\n <td>Upgrade to 10.2.13-h21 or 10.2.18 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.8 through 10.2.10-h*</td>\n <td>Upgrade to 10.2.10-h36 or 10.2.18 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.0 through 10.2.7-h*</td>\n <td>Upgrade to 10.2.7-h34 or 10.2.18 or later.</td>\n </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr>\n <td>Prisma Access 10.2<br></td>\n <td>10.2.0 through 10.2.10-h*</td>\n <td>Upgrade to 10.2.10-h36 or later.</td>\n </tr><tr>\n <td>Prisma Access 11.2<br></td>\n <td>11.2.0 through 11.2.7-h*</td>\n <td>Upgrade to 11.2.7-h13 or later.</td></tr></tbody></table><p><br></p>"}]}, {"lang": "en", "value": "Note:\u00a0With this fix, if the firewall is configured to use an authentication override cookie for the GlobalProtect Portal or Gateway, it will regenerate the cookie using a more secure method. Therefore, GP users will need to re-authenticate after a PAN-OS upgrade, even if a valid cookie is present. This is a one time requirement. Once they re-authenticate after the upgrade, the authentication override cookie and its validity will work as they do today.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<b>Note</b>:&nbsp;With this fix, if the firewall is configured to use an authentication override cookie for the GlobalProtect Portal or Gateway, it will regenerate the cookie using a more secure method. Therefore, GP users will need to re-authenticate after a PAN-OS upgrade, even if a valid cookie is present. This is a one time requirement. Once they re-authenticate after the upgrade, the authentication override cookie and its validity will work as they do today."}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial publication."}, {"time": "2026-05-29T17:15:00.000Z", "lang": "en", "value": "Updated exploitation status."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"]}, "adp": [{"references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T19:19:54.313458Z", "id": "CVE-2026-0257", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-05-29", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T19:58:23.585Z"}, "timeline": [{"time": "2026-05-29T00:00:00.000Z", "lang": "en", "value": "CVE-2026-0257 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0257", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-29T19:19:54.313458Z"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:59:12.375Z"}}], "cna": {"title": "PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "other", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 4.7, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/AU:N/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "changes": [{"at": "12.1.7", "status": "unaffected"}, {"at": "12.1.4-h6", "status": "unaffected"}], "version": "12.1.0", "lessThan": "12.1.7, 12.1.4-h6", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.2.12", "status": "unaffected"}, {"at": "11.2.10-h7", "status": "unaffected"}, {"at": "11.2.7-h14", "status": "unaffected"}, {"at": "11.2.4-h17", "status": "unaffected"}], "version": "11.2.0", "lessThan": "11.2.12, 11.2.10-h7, 11.2.7-h14, 11.2.4-h17", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.1.15", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.4-h33", "status": "unaffected"}], "version": "11.1.0", "lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.2.18-h6", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.7-h34", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "affected", "changes": [{"at": "10.2.10-h36", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.10-h36", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.2.7-h13", "status": "unaffected"}], "version": "11.2.0", "lessThan": "11.2.7-h13", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of these issues.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-05-13T16:00:00.000Z", "value": "Initial publication."}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW All No action needed.\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h6 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h7 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h14 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18 or 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18 or later.\nAll older Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access 10.2 10.2.0 through 10.2.10-h* Upgrade to 10.2.10-h36 or later.\nPrisma Access 11.2 11.2.0 through 11.2.7-h* Upgrade to 11.2.7-h13 or later.\n\nNote: With this fix, if the firewall is configured to use an authentication override cookie for the GlobalProtect Portal or Gateway, it will regenerate the cookie using a more secure method. Therefore, GP users will need to re-authenticate after a PAN-OS upgrade, even if a valid cookie is present. This is a one time requirement. Once they re-authenticate after the upgrade, the authentication override cookie and its validity will work as they do today.", "supportingMedia": [{"type": "text/html", "value": "<table class=\"tbl\"><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr><td>Cloud NGFW All<br></td><td></td><td>No action needed.</td></tr><tr>\n <td>PAN-OS 12.1<br></td>\n <td>12.1.5 through 12.1.6</td>\n <td>Upgrade to 12.1.7 or later.</td>\n </tr><tr>\n <td></td>\n <td>12.1.2 through 12.1.4-h*</td>\n <td>Upgrade to 12.1.4-h6 or 12.1.7 or later.</td>\n </tr><tr>\n <td>PAN-OS 11.2<br></td>\n <td>11.2.11 or later</td>\n <td>Upgrade to 11.2.12 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.2.8 through 11.2.10-h*</td>\n <td>Upgrade to 11.2.10-h7 or 11.2.12 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.2.5 through 11.2.7-h*</td>\n <td>Upgrade to 11.2.7-h14 or 11.2.12 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.2.0 through 11.2.4-h*</td>\n <td>Upgrade to 11.2.4-h17 or 11.2.12 or later.</td>\n </tr><tr>\n <td>PAN-OS 11.1<br></td>\n <td>11.1.14 or later</td>\n <td>Upgrade to 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.11 through 11.1.13-h*</td>\n <td>Upgrade to 11.1.13-h5 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.8 through 11.1.10-h*</td>\n <td>Upgrade to 11.1.10-h25 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.7 through 11.1.7-h*</td>\n <td>Upgrade to 11.1.7-h6 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.5 through 11.1.6-h*</td>\n <td>Upgrade to 11.1.6-h32 or 11.1.15 or later.</td>\n </tr><tr>\n <td></td>\n <td>11.1.0 through 11.1.4-h*</td>\n <td>Upgrade to 11.1.4-h33 or 11.1.15 or later.</td>\n </tr><tr>\n <td>PAN-OS 10.2<br></td>\n <td>10.2.17 through 10.2.18-h*</td>\n <td>Upgrade to 10.2.18 or 10.2.18-h6 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.14 through 10.2.16-h*</td>\n <td>Upgrade to 10.2.16-h7 or 10.2.18 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.11 through 10.2.13-h*</td>\n <td>Upgrade to 10.2.13-h21 or 10.2.18 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.8 through 10.2.10-h*</td>\n <td>Upgrade to 10.2.10-h36 or 10.2.18 or later.</td>\n </tr><tr>\n <td></td>\n <td>10.2.0 through 10.2.7-h*</td>\n <td>Upgrade to 10.2.7-h34 or 10.2.18 or later.</td>\n </tr><tr><td>All older<br>unsupported<br>PAN-OS versions</td><td>&nbsp;</td><td>Upgrade to a supported fixed version.</td></tr><tr>\n <td>Prisma Access 10.2<br></td>\n <td>10.2.0 through 10.2.10-h*</td>\n <td>Upgrade to 10.2.10-h36 or later.</td>\n </tr><tr>\n <td>Prisma Access 11.2<br></td>\n <td>11.2.0 through 11.2.7-h*</td>\n <td>Upgrade to 11.2.7-h13 or later.<br></td>\n </tr></tbody></table><p><b>Note</b>:&nbsp;With this fix, if the firewall is configured to use an authentication override cookie for the GlobalProtect Portal or Gateway, it will regenerate the cookie using a more secure method. Therefore, GP users will need to re-authenticate after a PAN-OS upgrade, even if a valid cookie is present. This is a one time requirement. Once they re-authenticate after the upgrade, the authentication override cookie and its validity will work as they do today.</p>", "base64": false}]}], "datePublic": "2026-05-13T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0257", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "Customers can mitigate the risk of this issue by taking any of the following actions:\n\n\n\n * Use a dedicated certificate for Authentication Override cookies: Generate a new certificate exclusively for authentication override cookies and store it securely. Do not reuse the portal or gateway certificate, and do not share this certificate with other features or users.\n * Disable Authentication Override: Uncheck the Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration.", "supportingMedia": [{"type": "text/html", "value": "<p><span>Customers can mitigate the risk of this issue by taking any of the following actions:</span></p><p></p><ul><li><span><b><span>Use a dedicated certificate for </span>Authentication Override cookies:</b>&nbsp;</span><span>Generate a new certificate exclusively for authentication override cookies and store it securely. Do not reuse the portal or gateway certificate, and do not share this certificate with other features or users.</span></li><li><span><b>Disable Authentication Override:</b></span><span> Uncheck the Authentication Override options (for generating and accepting cookies) in the GlobalProtect portal and gateway configuration.</span></li></ul><p></p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.\n\nPanorama and Cloud NGFW are not impacted by these issues.", "supportingMedia": [{"type": "text/html", "value": "<p>Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.<br><br>Panorama and Cloud NGFW are not impacted by these issues.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-565", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking"}]}], "configurations": [{"lang": "eng", "value": "This issue affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists. To check if authentication cookies are enabled follow the steps below:\n\nOn the Portal:\n\n1. Navigate to Network > GlobalProtect > Portals in the management interface.\n2. Click on your Portal Name and go to the Agent tab.\n3. Click on your Agent Configuration profile.\n4. Go to the Authentication tab.\n5. Generate cookie for authentication override or Accept cookie for authentication override options are checked.\n\n\nOn the Gateway:\n\n1. Navigate to Network > GlobalProtect > Gateways in the management interface.\n2. Click on your Gateway Name and go to the Agent tab.\n3. Click on your Client Settings profile.\n4. Go to the Authentication Override tab.\n5. Accept cookie for authentication override option is checked.", "supportingMedia": [{"type": "text/html", "value": "<p>This issue affects firewalls with GlobalProtect portal or gateway configured when authentication override cookies are enabled and a specific certificate configuration exists. To check if authentication cookies are enabled follow the steps below:</p><p>On the Portal:<br><br>1. Navigate to <b>Network</b> &gt; <b>GlobalProtect</b> &gt; <b>Portals</b> in the management interface.<br>2. Click on your <b>Portal Name</b> and go to the <b>Agent</b> tab.<br>3. Click on your <b>Agent Configuration</b> profile.<br>4. Go to the <b>Authentication</b> tab.<br>5. <b>Generate cookie for authentication override</b> or <b>Accept cookie for authentication override</b> options are checked.<br></p>On the Gateway:<br><br>1. Navigate to <b>Network</b> &gt; <b>GlobalProtect</b> &gt; <b>Gateways</b> in the management interface.<br>2. Click on your <b>Gateway Name</b> and go to the <b>Agent</b> tab.<br>3. Click on your <b>Client Settings</b> profile.<br>4. Go to the <b>Authentication Override</b> tab.<br>5. <b>Accept cookie for authentication override</b> option is checked.<p></p>", "base64": false}]}], "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "12.1.7_12.1.4-h6", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.12_11.2.10-h7_11.2.7-h14_11.2.4-h17", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34", "versionStartIncluding": "10.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.10-h36", "versionStartIncluding": "10.2.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.7-h13", "versionStartIncluding": "11.2.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T18:15:10.172Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0257", "state": "PUBLISHED", "dateUpdated": "2026-05-28T20:57:40.335Z", "dateReserved": "2025-11-03T20:44:17.691Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-05-13T18:15:10.172Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "57F7F91D-1366-42D9-B106-B200D38D8A38", "versionEndExcluding": "10.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", "matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*", "matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*", "matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*", "matchCriteriaId": "34B083B9-CC1B-43CD-9A16-C018F7FA2DDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*", "matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*", "matchCriteriaId": "FA91A4E9-CE1E-4CB8-B717-4B0E314C0171", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*", "matchCriteriaId": "28994519-3519-4E94-8D8B-7C4251A82B8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*", "matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*", "matchCriteriaId": "53981EA8-847F-4FBC-BA55-8EDF591E0FF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*", "matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*", "matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "78EAA309-2755-4ED2-9AFC-F4D9DF8F90D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "5D6D42C2-1CEC-47D2-82B2-1EFE71A8C8A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*", "matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*", "matchCriteriaId": "FF7FCD8B-80DF-4004-A9D2-4EE884F089A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*", "matchCriteriaId": "83C9637A-B615-4CC2-84AA-BDCFE611484C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*", "matchCriteriaId": "224270A7-767D-433B-AD51-C031506747C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*", "matchCriteriaId": "A532EFC6-A883-4279-8C05-9CD600B3F963", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*", "matchCriteriaId": "F4F20C02-DF90-4609-9254-B765481C83E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*", "matchCriteriaId": "872BC747-512A-4872-AC86-E7F1DC589F47", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*", "matchCriteriaId": "E5E36C87-E01D-49DC-AB73-10E5EE27F596", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*", "matchCriteriaId": "39437442-B24D-492F-B637-2203492327FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*", "matchCriteriaId": "67F527D0-F85B-4B83-AEA5-BA636FC89210", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*", "matchCriteriaId": "984BE1FB-ADB7-4831-AEDD-39DBAED078B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*", "matchCriteriaId": "AF2C954D-9763-41E3-A132-F83C82E79BC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*", "matchCriteriaId": "6CF8F985-7E51-49E6-857A-FAAF027F5611", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*", "matchCriteriaId": "B437DCEA-ABA3-41CA-B320-97EC430F1122", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*", "matchCriteriaId": "593AFE7A-CB37-4156-A2B8-646A317F3176", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*", "matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "3079F29C-688B-4FFB-BBC0-5FCD7B5B6905", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "674C85C5-162E-42DE-ACD1-D18943040E1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*", "matchCriteriaId": "C2B871A6-0636-42A0-9573-6F693D7753AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*", "matchCriteriaId": "F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*", "matchCriteriaId": "F3F8462A-71C0-4F81-9882-C73BC90697CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*", "matchCriteriaId": "C1B72E68-2D01-483F-BEC5-59C49E96B976", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*", "matchCriteriaId": "E49419C4-9AFE-4B7F-90EF-DB50EBB608D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*", "matchCriteriaId": "60CE628F-C4CB-4342-8D71-DE61A089B612", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*", "matchCriteriaId": "2447D2B1-A145-4036-B9F2-17648B193465", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*", "matchCriteriaId": "C24353AF-DC81-49B9-9132-9EEC8E6009BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*", "matchCriteriaId": "B4420489-AE0F-4A48-B2CE-C165BEBFA6A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*", "matchCriteriaId": "C45D8DF1-9483-4B24-AB94-B1FF4A5F2606", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "941CB947-862C-4C17-A039-8CD46D21B3BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "146BFB2E-5802-495E-B20D-9783B41357A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*", "matchCriteriaId": "BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*", "matchCriteriaId": "41B48ECA-FD05-4EA2-B1C9-771624EAAFF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*", "matchCriteriaId": "4D65D1F0-323E-41AF-962E-1F9741748A76", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*", "matchCriteriaId": "D5D41E00-D517-4B81-A7FC-C8E101884807", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "8A30968E-901A-49AE-94B0-C44A5257AADB", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:-:*:*:*:*:*:*", "matchCriteriaId": "19604659-570D-4766-B8B5-8B9920E2607F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*", "matchCriteriaId": "745A3A2A-73CF-4DC2-968B-ACFC66389E11", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*", "matchCriteriaId": "3A1E533E-DE4A-4F2F-A71A-FFF56E757087", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB628D07-9AB0-4C19-8DA3-DBE5689A3F40", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A94EA8A-EADF-416D-AE54-3CF56214714C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC05CBD3-7679-4640-9BE4-FD5418D9F756", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F383C3D-0C7A-4B5E-9798-D1CE9632687B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "DF83EAA1-49E1-4AD0-A049-F1B3065950BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*", "matchCriteriaId": "BE3F7369-9F35-409A-9F47-45A959592DFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*", "matchCriteriaId": "FD701663-4C57-4115-BD59-9DFFB504E2AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*", "matchCriteriaId": "82816C09-6A9D-4AB2-AA55-62CC714CCA82", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:*", "matchCriteriaId": "9AA9F77D-BC9C-4A2C-8988-6DEE65CD9C8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*", "matchCriteriaId": "A5A3CEBF-9F8A-47F9-A302-7C395F2A8146", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*", "matchCriteriaId": "A79B51D2-74E8-4BA3-AE33-829A9C1776E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*", "matchCriteriaId": "E08297B1-95E9-4730-B59D-252B958C4199", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*", "matchCriteriaId": "B56B153E-8693-4257-9E33-38904A949ED8", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*", "matchCriteriaId": "A220ED95-5E1A-45AA-85BD-8A58CFC6C697", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*", "matchCriteriaId": "E9DB4DA9-2262-4E9E-B3A1-49D261D01295", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*", "matchCriteriaId": "4852E738-990C-4DD2-8252-D4625D843A99", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*", "matchCriteriaId": "CB2C59F8-2583-4510-90F8-500F8329AFFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7C31ACD7-46AB-4092-89F3-7B4C9B642199", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*", "matchCriteriaId": "52C50A07-F4D8-4F1F-BA61-3429BB1721BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*", "matchCriteriaId": "9D12FF27-C186-467C-8627-1284EBC67243", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*", "matchCriteriaId": "AF4AA997-35BC-4BC1-9EF2-644503B2D806", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*", "matchCriteriaId": "12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*", "matchCriteriaId": "8FAE17BB-7938-41D0-8D62-46F829C647BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*", "matchCriteriaId": "6DA5A0AD-C4FB-4210-8651-F94F2875A0EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*", "matchCriteriaId": "45D633D7-A4B5-4D68-9BAB-D9BA25877F36", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*", "matchCriteriaId": "B79DB477-A907-4300-A651-16F93880B049", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*", "matchCriteriaId": "AF74D8FA-677F-484D-9338-A1761614FFD6", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*", "matchCriteriaId": "F9FC5118-4056-4E22-A1F0-D6FFA2B88472", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*", "matchCriteriaId": "5E7A808F-F52F-4786-950C-591CCADB2EE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*", "matchCriteriaId": "0CA82012-AA59-44C1-BB9D-0B28764D507E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*", "matchCriteriaId": "27233F80-A620-42D3-927D-4FCDE6345456", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*", "matchCriteriaId": "63729FA6-ED2A-4593-9436-232F282A0A78", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*", "matchCriteriaId": "F39792EF-61B5-4874-9FD0-7544F8C5C0D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:*", "matchCriteriaId": "CCC24BCD-E508-4553-9BAC-468A1078C9A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*", "matchCriteriaId": "4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*", "matchCriteriaId": "91529C45-FA55-4844-A153-682F729F440D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*", "matchCriteriaId": "64B56778-2698-493D-80AD-B4AE81F48124", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*", "matchCriteriaId": "0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*", "matchCriteriaId": "9DCE8F6C-541E-4C61-ABC8-4A618B0DD58D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*", "matchCriteriaId": "1E5EF79B-1A25-4AAB-AF2E-D151359E7FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7193CCDA-D5D4-41D2-A808-87EDC19F2F49", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "D58FF578-775A-4BC0-9975-2C8B8E51B1E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*", "matchCriteriaId": "A92886DF-C989-47AD-8F68-8F468BBC6E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*", "matchCriteriaId": "9893920B-A00E-4890-A897-EE1CF0751BA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*", "matchCriteriaId": "D1289923-12D8-4FDD-B18B-C52516F14922", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*", "matchCriteriaId": "AFC923D7-672D-4556-8344-BBD285324067", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*", "matchCriteriaId": "E1510DE9-04A3-4E08-872D-C0F6041BCFCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*", "matchCriteriaId": "31CD3B15-2CE0-404A-9542-9C39B8E71027", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*", "matchCriteriaId": "0194DA0B-041A-4810-8BFB-2308290517B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*", "matchCriteriaId": "69E64D86-034F-4BC7-9A4E-2703D834EBC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*", "matchCriteriaId": "B992628F-1114-4FC8-9364-800ACE997044", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "73CF31A0-82EC-45DF-87DD-81C458AAF94C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "77024A63-A28F-4467-8D4C-3CFD41724777", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*", "matchCriteriaId": "9223B0D4-6194-4684-8EF4-84A0EF511D8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*", "matchCriteriaId": "CB16C018-2B70-4F4D-9025-69FF82CD40F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*", "matchCriteriaId": "1259B519-130D-4584-86AA-E4EA1E89ACB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*", "matchCriteriaId": "0DCA6D54-E623-4985-B35F-AC98299828EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:*", "matchCriteriaId": "20A38461-BC7E-4D75-A168-FA493955A54C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF9D96B4-E4D2-4F35-A4AF-D79BB9F3A41B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAF8163D-1EE5-4955-A317-1BC95581C87D", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEEE3CF8-1B67-44D3-8FF1-9EC6C5197835", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6DFD05F-0A72-45E0-8D20-E1C28642C973", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*", "matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*", "matchCriteriaId": "30F4CD1C-6862-4279-8D2D-40B4D164222F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*", "matchCriteriaId": "8137F3AF-BA32-41BC-AD2E-A668FFA33892", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*", "matchCriteriaId": "8C977AF0-D2B0-401A-A7C5-A1C71AC3C072", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*", "matchCriteriaId": "B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*", "matchCriteriaId": "D720448D-F40B-4C92-9101-A48AC36C9CBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*", "matchCriteriaId": "5F12F7AC-D5B3-499E-87DA-27427D8BFFC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*", "matchCriteriaId": "A52B7A7A-483A-4075-B1E9-5C14B66F7FC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*", "matchCriteriaId": "76949F0F-2ADC-492F-83F0-0A1B0E861F97", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*", "matchCriteriaId": "C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*", "matchCriteriaId": "73888909-64C5-41BC-BAE0-BD9BDEEAF723", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*", "matchCriteriaId": "E7861D82-815D-4894-9E11-1B6B1E66CDEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*", "matchCriteriaId": "D269E33D-9A79-40CC-B79A-C9A398AB7AFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*", "matchCriteriaId": "9762E441-856F-466F-812C-798CA2EEF965", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0EF09924-12F7-4F76-9FD0-08AF707AA289", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C62D458B-2BC0-4E0C-8E95-894674DBD791", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*", "matchCriteriaId": "0A25C9D9-BC83-49AE-BEE7-EF05F8336B01", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*", "matchCriteriaId": "A93C2B58-EC78-4C3D-89FF-35D9C489E39F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*", "matchCriteriaId": "A32E35C0-913E-4348-8AD4-E1F169C40C92", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*", "matchCriteriaId": "39112398-2A93-4E26-A7DF-0E3FA81C5130", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*", "matchCriteriaId": "C88442D1-599F-411D-B7A2-E17AA839F177", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*", "matchCriteriaId": "B3B538CC-6EA0-4555-B828-18A55997F454", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*", "matchCriteriaId": "D12C3EB6-842E-4378-896C-FDBB2BC75D10", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*", "matchCriteriaId": "86B41903-FF08-454D-B626-184CB73B122E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*", "matchCriteriaId": "396DC378-7716-40F6-88A4-99299A16CAF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*", "matchCriteriaId": "5E5C6E3A-262C-4212-B21C-00E8079AA8CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*", "matchCriteriaId": "4C855108-D3C9-4DE3-B9F4-9735A0A439AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "5B887380-062F-45B2-9F25-861227E86377", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "02713C77-26D8-4C84-A8B2-86B6BA5BE600", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*", "matchCriteriaId": "051673AB-50BF-4DD0-8679-F5825520241A", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*", "matchCriteriaId": "BAC15D8A-83CA-413F-BA2B-17EC2B169F6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*", "matchCriteriaId": "70B3EB0C-87F1-46C2-B95C-C5808E473BD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*", "matchCriteriaId": "073BF631-451B-4DFC-B23C-F0F68C2450F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*", "matchCriteriaId": "13AA1BEF-F2F6-4534-89F3-DF4E79217978", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*", "matchCriteriaId": "CBFDE611-4981-4D92-ABAF-858DF132535F", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*", "matchCriteriaId": "AAEA66F4-81AC-49C3-81B1-65EF5F16951A", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:*", "matchCriteriaId": "CE68AC6C-61B6-4245-96AE-3D1F96D44721", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A116B32-5798-47EC-A22D-D3E960B29C07", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1725F67-BF14-48B4-A405-1CCA507CD553", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*", "matchCriteriaId": "8C1ADE94-3F05-48EE-94E0-FD6EB682705C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*", "matchCriteriaId": "F727C18E-1C8D-448A-954C-073294FBC65C", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*", "matchCriteriaId": "7E492BE6-EB2E-4616-85EA-3B389741301B", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*", "matchCriteriaId": "E5F85240-989D-4E2D-B2D0-F0F35E0590A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB597850-D759-4062-974D-C33B1BA62BE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1507AE7A-A685-464F-BB0F-1868244A36C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:prisma_access:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFB6FBC7-DEEB-4571-BCF9-92345A4B614A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECC53672-829D-4995-A75A-CE8D3C38A3A3", "versionEndExcluding": "10.2.10", "versionStartIncluding": "10.2.0", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "A589C841-0E91-4A4E-9A90-8000C4AAB8EE", "versionEndExcluding": "11.2.7", "versionStartIncluding": "11.2.0", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*", "matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*", "matchCriteriaId": "FF7FCD8B-80DF-4004-A9D2-4EE884F089A6", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*", "matchCriteriaId": "83C9637A-B615-4CC2-84AA-BDCFE611484C", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*", "matchCriteriaId": "224270A7-767D-433B-AD51-C031506747C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*", "matchCriteriaId": "A532EFC6-A883-4279-8C05-9CD600B3F963", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*", "matchCriteriaId": "F4F20C02-DF90-4609-9254-B765481C83E0", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*", "matchCriteriaId": "872BC747-512A-4872-AC86-E7F1DC589F47", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*", "matchCriteriaId": "E5E36C87-E01D-49DC-AB73-10E5EE27F596", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*", "matchCriteriaId": "39437442-B24D-492F-B637-2203492327FC", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*", "matchCriteriaId": "67F527D0-F85B-4B83-AEA5-BA636FC89210", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*", "matchCriteriaId": "984BE1FB-ADB7-4831-AEDD-39DBAED078B0", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*", "matchCriteriaId": "AF2C954D-9763-41E3-A132-F83C82E79BC0", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*", "matchCriteriaId": "6CF8F985-7E51-49E6-857A-FAAF027F5611", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*", "matchCriteriaId": "B437DCEA-ABA3-41CA-B320-97EC430F1122", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*", "matchCriteriaId": "593AFE7A-CB37-4156-A2B8-646A317F3176", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*", "matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*", "matchCriteriaId": "0A25C9D9-BC83-49AE-BEE7-EF05F8336B01", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*", "matchCriteriaId": "A93C2B58-EC78-4C3D-89FF-35D9C489E39F", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*", "matchCriteriaId": "A32E35C0-913E-4348-8AD4-E1F169C40C92", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*", "matchCriteriaId": "39112398-2A93-4E26-A7DF-0E3FA81C5130", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*", "matchCriteriaId": "C88442D1-599F-411D-B7A2-E17AA839F177", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*", "matchCriteriaId": "D12C3EB6-842E-4378-896C-FDBB2BC75D10", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*", "matchCriteriaId": "86B41903-FF08-454D-B626-184CB73B122E", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*", "matchCriteriaId": "396DC378-7716-40F6-88A4-99299A16CAF1", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*", "matchCriteriaId": "5E5C6E3A-262C-4212-B21C-00E8079AA8CF", "vulnerable": false}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*", "matchCriteriaId": "4C855108-D3C9-4DE3-B9F4-9735A0A439AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.\n\nPanorama and Cloud NGFW are not impacted by these issues."}], "id": "CVE-2026-0257", "lastModified": "2026-05-29T20:16:21.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "ATTACKED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-13T19:17:01.040", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2026-0257"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-565"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Cloud NGFW", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cloud_ngfw", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.4-h6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.4-h17)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.1.0,11.1.4-h33)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.0,10.2.7-h34)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "PAN-OS", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "pan-os", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.0,10.2.10-h36)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.7-h13)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Prisma Access", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "prisma_access", "vendor": "palo_alto_networks"}], "created": "2026-05-13T20:15:04.393598+00:00", "updated": "2026-05-29T20:30:07.361158+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$cloud_ngfw", "palo_alto_networks$PRODUCT$pan-os", "palo_alto_networks$PRODUCT$prisma_access"]}