{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0273", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:32.837Z", "datePublished": "2026-06-10T21:01:45.198Z", "dateUpdated": "2026-06-10T21:01:45.198Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-06-10T21:01:45.198Z"}, "title": "PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI", "datePublic": "2026-06-10T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "version": "12.1.0", "lessThan": "12.1.4-h7", "changes": [{"at": "12.1.4-h7", "status": "unaffected"}, {"at": "12.1.7", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.4-h18", "changes": [{"at": "11.2.4-h18", "status": "unaffected"}, {"at": "11.2.7-h16", "status": "unaffected"}, {"at": "11.2.10-h9", "status": "unaffected"}, {"at": "11.2.12", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.4-h34", "changes": [{"at": "11.1.4-h34", "status": "unaffected"}, {"at": "11.1.6-h33", "status": "unaffected"}, {"at": "11.1.7-h7", "status": "unaffected"}, {"at": "11.1.10-h27", "status": "unaffected"}, {"at": "11.1.13-h7", "status": "unaffected"}, {"at": "11.1.15", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.7-h35", "changes": [{"at": "10.2.7-h35", "status": "unaffected"}, {"at": "10.2.10-h37", "status": "unaffected"}, {"at": "10.2.13-h22", "status": "unaffected"}, {"at": "10.2.16-h8", "status": "unaffected"}, {"at": "10.2.18-h7", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.1.4-h7", "versionStartIncluding": "12.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.1.7", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.4-h18", "versionStartIncluding": "11.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.7-h16", "versionStartIncluding": "11.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.10-h9", "versionStartIncluding": "11.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.2.12", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.4-h34", "versionStartIncluding": "11.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.6-h33", "versionStartIncluding": "11.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.7-h7", "versionStartIncluding": "11.1.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.10-h27", "versionStartIncluding": "11.1.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.13-h7", "versionStartIncluding": "11.1.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.1.15", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.7-h35", "versionStartIncluding": "10.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.10-h37", "versionStartIncluding": "10.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.13-h22", "versionStartIncluding": "10.2.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.16-h8", "versionStartIncluding": "10.2.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.2.18-h7", "versionStartIncluding": "10.2.18", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.<br><br>The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\">best practice deployment guidelines</a>.<br><br>This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).<br><br>Cloud NGFW and Prisma\u00ae Access are not affected by this vulnerability."}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0273", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "The risk is highest when you allow access to the management interface from external IP addresses on the internet. Our recommendation is to remediate as soon as possible."}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "You can reduce the risk of exploitation by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses."}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No special configuration is required to be affected by this issue."}]}], "workarounds": [{"lang": "eng", "value": "The vast majority of firewalls already follow Palo Alto Networks' and industry best practices. However, if you have not done so already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/critical-recommendations-for-deployment-guides-how-to-secure-the/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses.\n\nReview information about how to secure management access to your Palo Alto Networks firewalls:\n\nPalo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)\n\nhttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><span>The vast majority of firewalls already follow Palo Alto Networks' and industry best practices. However, if you have not done so already, we strongly recommend that you secure access to your management interface according to our </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/critical-recommendations-for-deployment-guides-how-to-secure-the/ba-p/464431\"><span>best practice deployment guidelines</span></a><span>. Specifically, you should restrict management interface access to only trusted internal IP addresses.</span><b><span><br></span><span><br></span></b><span>Review information about how to secure management access to your Palo Alto Networks firewalls:</span><b><span><br></span><span><br></span></b><a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"><span>Palo Alto Networks LIVEcommunity article</span></a><b><a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"><span><br></span><span><br></span></a></b><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices\"><span>Palo Alto Networks official and detailed technical documentation</span></a><br></p>"}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION RANGE SUGGESTED SOLUTION\nCloud NGFW No action needed.\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n\u00a0 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h7 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h9 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h16 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h18 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h7 or 11.1.15 or later.\n\u00a0 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h27 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h7 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h33 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h34 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 or later Upgrade to 10.2.18-h7 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h8 or 10.2.18-h7 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h22 or 10.2.18-h7 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h37 or 10.2.18-h7 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h35 or 10.2.18-h7 or later.\nAll other older Upgrade to a supported fixed version.\nunsupported\nPAN-OS versions\nPrisma Access No action needed.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version Range</th><th>Suggested Solution</th></tr></thead><tbody><tr><td>Cloud NGFW</td><td></td><td>No action needed.</td></tr><tr><td>PAN-OS 12.1</td><td>12.1.5 through 12.1.6<br></td><td>Upgrade to 12.1.7 or later.<br></td></tr><tr><td>&nbsp;</td><td><span>12.1.2 through 12.1.4-h*</span></td><td><span>Upgrade to 12.1.4-h7 or 12.1.7 or later.</span><br></td></tr><tr><td><span>PAN-OS 11.2</span></td><td>11.2.11 or later</td><td>Upgrade to 11.2.12 or later.<br></td></tr><tr><td><br></td><td>11.2.8 through 11.2.10-h*</td><td>Upgrade to 11.2.10-h9 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.5 through 11.2.7-h*</td><td>Upgrade to 11.2.7-h16 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.0 through 11.2.4-h*</td><td>Upgrade to 11.2.4-h18 or 11.2.12 or later.</td></tr><tr><td><span>PAN-OS 11.1</span></td><td>11.1.14 or later</td><td>Upgrade to 11.1.15 or later.<br></td></tr><tr><td><br></td><td>11.1.11 through 11.1.13-h*</td><td>Upgrade to 11.1.13-h7 or 11.1.15 or later.</td></tr><tr><td>&nbsp;</td><td>11.1.8 through 11.1.10-h*</td><td>Upgrade to 11.1.10-h27 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.7 through 11.1.7-h*</td><td>Upgrade to 11.1.7-h7 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.5 through 11.1.6-h*</td><td>Upgrade to 11.1.6-h33 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.0 through 11.1.4-h*</td><td>Upgrade to 11.1.4-h34 or 11.1.15 or later.</td></tr><tr><td>PAN-OS 10.2<br></td><td>10.2.17 or later<br></td><td>Upgrade to 10.2.18-h7 or later.</td></tr><tr><td><br></td><td>10.2.14 through 10.2.16-h*</td><td>Upgrade to 10.2.16-h8 or 10.2.18-h7 or later.</td></tr><tr><td><br></td><td>10.2.11 through 10.2.13-h*</td><td>Upgrade to 10.2.13-h22 or 10.2.18-h7 or later.</td></tr><tr><td><br></td><td>10.2.8 through 10.2.10-h*</td><td>Upgrade to 10.2.10-h37 or 10.2.18-h7 or later.</td></tr><tr><td><br></td><td>10.2.0 through 10.2.7-h*</td><td>Upgrade to 10.2.7-h35 or 10.2.18-h7 or later.</td></tr><tr><td>All other older<br>unsupported<br>PAN-OS versions</td><td></td><td>Upgrade to a supported fixed version.</td></tr><tr><td>Prisma Access</td><td></td><td>No action needed.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}]}], "timeline": [{"time": "2026-06-10T16:00:00.000Z", "lang": "en", "value": "Initial Publication"}], "credits": [{"lang": "en", "value": "Visa Inc. (external reporter), Rotem Bar (internal reporter), and Deep Product Security Research Team (internal reporter)", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h6", "PAN-OS 12.1.4-h5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h8", "PAN-OS 11.2.10-h7", "PAN-OS 11.2.10-h6", "PAN-OS 11.2.10-h5", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h15", "PAN-OS 11.2.7-h14", "PAN-OS 11.2.7-h13", "PAN-OS 11.2.7-h12", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h17", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.14", "PAN-OS 11.1.13-h6", "PAN-OS 11.1.13-h5", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h26", "PAN-OS 11.1.10-h25", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h32", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h33", "PAN-OS 11.1.4-h32", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h6", "PAN-OS 10.2.18-h5", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h7", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h21", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h36", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h34", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma\u00ae Access are not affected by this vulnerability."}], "id": "CVE-2026-0273", "lastModified": "2026-06-10T22:16:54.730", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-10T22:16:54.730", "references": [{"source": "[email protected]", "url": "https://security.paloaltonetworks.com/CVE-2026-0273"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "[email protected]", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Cloud NGFW", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cloud_ngfw", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.4-h7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.4-h18)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.1.0,11.1.4-h34)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.0,10.2.7-h35)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PAN-OS", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "pan-os", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Prisma Access", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "prisma_access", "vendor": "palo_alto_networks"}], "created": "2026-06-10T22:30:22.249731+00:00", "updated": "2026-06-10T22:30:22.249796+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$cloud_ngfw", "palo_alto_networks$PRODUCT$pan-os", "palo_alto_networks$PRODUCT$prisma_access"]}