Description
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this condition result in the firewall entering maintenance mode. Panorama is not impacted by these vulnerabilities.
The risk of exploitation is lower for Prisma Access as it requires an authenticated user and the external network access to the dataplane interface is restricted.
Problem types
CWE-754 Improper Check for Unusual or Exceptional Conditions
Product status
All (custom)
12.1.0 (custom) before 12.1.4-h8
11.2.0 (custom) before 11.2.4-h20
11.1.0 (custom) before 11.1.4-h35
10.2.0 (custom) before 10.2.7-h36
11.2.0 (custom) before 11.2.7-h18
10.2.0 (custom) before 10.2.10-h39
Timeline
| 2026-07-08: | Initial publication |
Credits
our internal security research teams
References
security.paloaltonetworks.com/CVE-2026-0287 (https://security.paloaltonetworks.com/CVE-2026-PAN-323400)