CVE-2026-0244 | THREATINT

Description

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller.

PUBLISHED Reserved 2025-11-03 | Published 2026-05-13 | Updated 2026-05-13 | Assigner palo_alto

MEDIUM: 5.2CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:M/U:Amber

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status

unaffected

6.5.0 (custom) before 6.5.3-b15

affected

6.4.0 (custom) before 6.4.3-b8

affected

6.3.0 (custom) before 6.3.6-b10

affected

6.1.0 (custom)

unaffected

5.6.0 (custom)

unaffected

Timeline

2026-05-13:

Initial publication.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue. other

References

security.paloaltonetworks.com/CVE-2026-0244 vendor-advisory

cve.org (CVE-2026-0244)

nvd.nist.gov (CVE-2026-0244)

Download JSON