FKIE_CVE-2026-0263
Vulnerability from fkie_nvd - Published: 2026-05-13 18:16 - Updated: 2026-07-14 14:49
Severity
Summary
A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@paloaltonetworks.com | https://security.paloaltonetworks.com/CVE-2026-0263 | Vendor Advisory |
Impacted products
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "12.1.7",
"status": "unaffected"
},
{
"at": "12.1.4-h5",
"status": "unaffected"
}
],
"lessThan": "12.1.7, 12.1.4-h5",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.12",
"status": "unaffected"
},
{
"at": "11.2.10-h6",
"status": "unaffected"
},
{
"at": "11.2.7-h13",
"status": "unaffected"
},
{
"at": "11.2.4-h17",
"status": "unaffected"
}
],
"lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.15",
"status": "unaffected"
},
{
"at": "11.1.13-h5",
"status": "unaffected"
},
{
"at": "11.1.10-h25",
"status": "unaffected"
},
{
"at": "11.1.7-h6",
"status": "unaffected"
},
{
"at": "11.1.6-h32",
"status": "unaffected"
},
{
"at": "11.1.4-h33",
"status": "unaffected"
}
],
"lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"source": "psirt@paloaltonetworks.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "459485B4-47FF-4A5F-9249-AE0445A0096A",
"versionEndExcluding": "11.1.4",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F35F4848-BBF3-4B43-9E5C-98E7AB437FF2",
"versionEndExcluding": "11.1.6",
"versionStartIncluding": "11.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D0EA32-45AE-4411-8E14-43B74715387C",
"versionEndExcluding": "11.1.10",
"versionStartIncluding": "11.1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9CE1AA7-46F4-4740-BF21-EE6732134D57",
"versionEndExcluding": "11.1.13",
"versionStartIncluding": "11.1.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "DF83EAA1-49E1-4AD0-A049-F1B3065950BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"matchCriteriaId": "BE3F7369-9F35-409A-9F47-45A959592DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"matchCriteriaId": "6650937C-D778-4B5D-AA28-E7DA96DDAB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"matchCriteriaId": "DB835E23-6984-413D-A870-8734E626D219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"matchCriteriaId": "FD247097-EEC7-48E7-9C14-3314900BD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*",
"matchCriteriaId": "FD701663-4C57-4115-BD59-9DFFB504E2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*",
"matchCriteriaId": "82816C09-6A9D-4AB2-AA55-62CC714CCA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:*",
"matchCriteriaId": "9AA9F77D-BC9C-4A2C-8988-6DEE65CD9C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*",
"matchCriteriaId": "A5A3CEBF-9F8A-47F9-A302-7C395F2A8146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*",
"matchCriteriaId": "A79B51D2-74E8-4BA3-AE33-829A9C1776E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"matchCriteriaId": "83A04AA3-4B6C-4B75-9797-74FA230FD299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*",
"matchCriteriaId": "E08297B1-95E9-4730-B59D-252B958C4199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*",
"matchCriteriaId": "B56B153E-8693-4257-9E33-38904A949ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"matchCriteriaId": "AECB34F6-76F3-46E4-8F08-8570247AC281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*",
"matchCriteriaId": "A220ED95-5E1A-45AA-85BD-8A58CFC6C697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"matchCriteriaId": "E9DB4DA9-2262-4E9E-B3A1-49D261D01295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"matchCriteriaId": "552C1E17-E4A7-462C-97E4-AF14C00B89FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"matchCriteriaId": "1EB942A4-026C-494D-A1DD-96259354CB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"matchCriteriaId": "4852E738-990C-4DD2-8252-D4625D843A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"matchCriteriaId": "010E5816-BB0D-438B-A280-AF35B435DCFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"matchCriteriaId": "CB2C59F8-2583-4510-90F8-500F8329AFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
"matchCriteriaId": "52C50A07-F4D8-4F1F-BA61-3429BB1721BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*",
"matchCriteriaId": "9D12FF27-C186-467C-8627-1284EBC67243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*",
"matchCriteriaId": "AF4AA997-35BC-4BC1-9EF2-644503B2D806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*",
"matchCriteriaId": "12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*",
"matchCriteriaId": "8FAE17BB-7938-41D0-8D62-46F829C647BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h18:*:*:*:*:*:*",
"matchCriteriaId": "2682D64E-79A4-4522-8742-7EF1637764AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*",
"matchCriteriaId": "6DA5A0AD-C4FB-4210-8651-F94F2875A0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*",
"matchCriteriaId": "45D633D7-A4B5-4D68-9BAB-D9BA25877F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*",
"matchCriteriaId": "B79DB477-A907-4300-A651-16F93880B049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*",
"matchCriteriaId": "AF74D8FA-677F-484D-9338-A1761614FFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*",
"matchCriteriaId": "F9FC5118-4056-4E22-A1F0-D6FFA2B88472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*",
"matchCriteriaId": "5E7A808F-F52F-4786-950C-591CCADB2EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*",
"matchCriteriaId": "0CA82012-AA59-44C1-BB9D-0B28764D507E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*",
"matchCriteriaId": "27233F80-A620-42D3-927D-4FCDE6345456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*",
"matchCriteriaId": "63729FA6-ED2A-4593-9436-232F282A0A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*",
"matchCriteriaId": "F39792EF-61B5-4874-9FD0-7544F8C5C0D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:*",
"matchCriteriaId": "CCC24BCD-E508-4553-9BAC-468A1078C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*",
"matchCriteriaId": "4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*",
"matchCriteriaId": "91529C45-FA55-4844-A153-682F729F440D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*",
"matchCriteriaId": "64B56778-2698-493D-80AD-B4AE81F48124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*",
"matchCriteriaId": "0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*",
"matchCriteriaId": "9DCE8F6C-541E-4C61-ABC8-4A618B0DD58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*",
"matchCriteriaId": "1E5EF79B-1A25-4AAB-AF2E-D151359E7FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*",
"matchCriteriaId": "A92886DF-C989-47AD-8F68-8F468BBC6E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*",
"matchCriteriaId": "9893920B-A00E-4890-A897-EE1CF0751BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*",
"matchCriteriaId": "D1289923-12D8-4FDD-B18B-C52516F14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*",
"matchCriteriaId": "AFC923D7-672D-4556-8344-BBD285324067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*",
"matchCriteriaId": "E1510DE9-04A3-4E08-872D-C0F6041BCFCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*",
"matchCriteriaId": "31CD3B15-2CE0-404A-9542-9C39B8E71027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*",
"matchCriteriaId": "0194DA0B-041A-4810-8BFB-2308290517B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*",
"matchCriteriaId": "69E64D86-034F-4BC7-9A4E-2703D834EBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*",
"matchCriteriaId": "B992628F-1114-4FC8-9364-800ACE997044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*",
"matchCriteriaId": "9223B0D4-6194-4684-8EF4-84A0EF511D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*",
"matchCriteriaId": "CB16C018-2B70-4F4D-9025-69FF82CD40F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*",
"matchCriteriaId": "1259B519-130D-4584-86AA-E4EA1E89ACB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*",
"matchCriteriaId": "0DCA6D54-E623-4985-B35F-AC98299828EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:*",
"matchCriteriaId": "20A38461-BC7E-4D75-A168-FA493955A54C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7",
"versionEndExcluding": "11.2.4",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A52983E4-71BF-46D7-8A4A-D199F7DCAA36",
"versionEndExcluding": "11.2.7",
"versionStartIncluding": "11.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85010E8F-E824-4C69-9B59-58DB01789ECB",
"versionEndExcluding": "11.2.10",
"versionStartIncluding": "11.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"matchCriteriaId": "30F4CD1C-6862-4279-8D2D-40B4D164222F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*",
"matchCriteriaId": "8137F3AF-BA32-41BC-AD2E-A668FFA33892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*",
"matchCriteriaId": "8C977AF0-D2B0-401A-A7C5-A1C71AC3C072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*",
"matchCriteriaId": "B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*",
"matchCriteriaId": "D720448D-F40B-4C92-9101-A48AC36C9CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*",
"matchCriteriaId": "5F12F7AC-D5B3-499E-87DA-27427D8BFFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"matchCriteriaId": "A52B7A7A-483A-4075-B1E9-5C14B66F7FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"matchCriteriaId": "6E46608E-682E-47B8-B810-8714571286C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*",
"matchCriteriaId": "76949F0F-2ADC-492F-83F0-0A1B0E861F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*",
"matchCriteriaId": "C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*",
"matchCriteriaId": "73888909-64C5-41BC-BAE0-BD9BDEEAF723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*",
"matchCriteriaId": "E7861D82-815D-4894-9E11-1B6B1E66CDEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*",
"matchCriteriaId": "D269E33D-9A79-40CC-B79A-C9A398AB7AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*",
"matchCriteriaId": "9762E441-856F-466F-812C-798CA2EEF965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "0A25C9D9-BC83-49AE-BEE7-EF05F8336B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*",
"matchCriteriaId": "A93C2B58-EC78-4C3D-89FF-35D9C489E39F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*",
"matchCriteriaId": "A32E35C0-913E-4348-8AD4-E1F169C40C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*",
"matchCriteriaId": "39112398-2A93-4E26-A7DF-0E3FA81C5130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*",
"matchCriteriaId": "C88442D1-599F-411D-B7A2-E17AA839F177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*",
"matchCriteriaId": "D12C3EB6-842E-4378-896C-FDBB2BC75D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*",
"matchCriteriaId": "86B41903-FF08-454D-B626-184CB73B122E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*",
"matchCriteriaId": "396DC378-7716-40F6-88A4-99299A16CAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*",
"matchCriteriaId": "5E5C6E3A-262C-4212-B21C-00E8079AA8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*",
"matchCriteriaId": "4C855108-D3C9-4DE3-B9F4-9735A0A439AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*",
"matchCriteriaId": "051673AB-50BF-4DD0-8679-F5825520241A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*",
"matchCriteriaId": "BAC15D8A-83CA-413F-BA2B-17EC2B169F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*",
"matchCriteriaId": "70B3EB0C-87F1-46C2-B95C-C5808E473BD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*",
"matchCriteriaId": "073BF631-451B-4DFC-B23C-F0F68C2450F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*",
"matchCriteriaId": "13AA1BEF-F2F6-4534-89F3-DF4E79217978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*",
"matchCriteriaId": "CBFDE611-4981-4D92-ABAF-858DF132535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:*",
"matchCriteriaId": "CE68AC6C-61B6-4245-96AE-3D1F96D44721",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "181F9096-34AB-483A-B33F-F4A7F250052F",
"versionEndExcluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1EA4C4A-D7DC-4A63-B109-9C9328772E9E",
"versionEndExcluding": "12.1.7",
"versionStartIncluding": "12.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*",
"matchCriteriaId": "8C1ADE94-3F05-48EE-94E0-FD6EB682705C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*",
"matchCriteriaId": "F727C18E-1C8D-448A-954C-073294FBC65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*",
"matchCriteriaId": "7E492BE6-EB2E-4616-85EA-3B389741301B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by these vulnerabilities."
}
],
"id": "CVE-2026-0263",
"lastModified": "2026-07-14T14:49:23.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-0263",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-13T18:16:14.003",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2026-0263"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…