CVE-2026-0280

HIGH

PAN-OS: IPv6 Firewall Policy Bypass

Title source: cna
STIX 2.1

Description

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted by this vulnerability.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://security.paloaltonetworks.com/CVE-2026-0280

Scores

CVSS v3 7.2
EPSS 0.0047
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-131
Status published
Products (10)
Palo Alto Networks/Cloud NGFW All
Palo Alto Networks/PAN-OS 10.2.0 - 10.2.18-h8
Palo Alto Networks/PAN-OS 11.1.0 - 11.1.16
Palo Alto Networks/PAN-OS 11.2.0 - 11.2.13
Palo Alto Networks/PAN-OS 12.1.0 - 12.1.8
Palo Alto Networks/Panorama All
Palo Alto Networks/Prisma Access 10.2.0 - 10.2.10-h39
Palo Alto Networks/Prisma Access 11.2.0 - 11.2.7-h18
paloaltonetworks/pan-os 10.2.7 (28 CPE variants)
paloaltonetworks/pan-os 10.2.10 (14 CPE variants)
Published Jul 09, 2026
Tracked Since Jul 10, 2026