Home

Description

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted by this vulnerability.

PUBLISHED Reserved 2025-11-03 | Published 2026-07-09 | Updated 2026-07-09 | Assigner palo_alto




LOW: 1.7CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/AU:Y/V:D/RE:M/U:Amber

Problem types

CWE-131 Incorrect Calculation of Buffer Size

Product status

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

12.1.0 (custom) before 12.1.8
affected

11.2.0 (custom) before 11.2.13
affected

11.1.0 (custom) before 11.1.16
affected

10.2.0 (custom) before 10.2.18-h8
affected

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

11.2.0 (custom) before 11.2.7-h18
affected

10.2.0 (custom) before 10.2.10-h39
affected

Timeline

2026-07-08:Initial Publication

Credits

Curious of TRAPA Security finder

References

security.paloaltonetworks.com/CVE-2026-0280 vendor-advisory

cve.org (CVE-2026-0280)

nvd.nist.gov (CVE-2026-0280)

Download JSON