PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)
Summary
| CVE | CVE-2026-0272 |
|---|---|
| State | PUBLISHED |
| Assigner | palo_alto |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-10 22:16:54 UTC |
| Updated | 2026-06-11 15:21:30 UTC |
| Description | A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW, and Prisma® Access are not impacted by this vulnerability. |
Risk And Classification
Primary CVSS: v4.0 6 MEDIUM from [email protected]
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
EPSS: 0.002290000 probability, percentile 0.134720000 (date 2026-06-17)
Problem Types: CWE-862 | CWE-862 CWE-862 Missing Authorization
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 6 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/C... |
| 4.0 | CNA | CVSS | 6 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/A... |
| 4.0 | CNA | CVSS | 5.6 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/A... |
CVSS v4.0 Breakdown
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Palo Alto Networks | Cloud NGFW | unaffected All custom | Not specified |
| CNA | Palo Alto Networks | PAN-OS | affected 12.1.0 12.1.4-h7 custom | Not specified |
| CNA | Palo Alto Networks | PAN-OS | affected 11.2.0 11.2.4-h18 custom | Not specified |
| CNA | Palo Alto Networks | PAN-OS | affected 11.1.0 11.1.4-h34 custom | Not specified |
| CNA | Palo Alto Networks | PAN-OS | affected 10.2.0 10.2.7-h35 custom | Not specified |
| CNA | Palo Alto Networks | Prisma Access | unaffected All custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.paloaltonetworks.com/CVE-2026-0272 | [email protected] | security.paloaltonetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Palo Alto Networks thanks an external reporter, Frigo, for discovering and reporting this issue. (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-06-10T16:00:00.000Z | Initial publication. |
Solutions
CNA: VERSION MINOR VERSION RANGE SUGGESTED SOLUTION Cloud NGFW No action needed. PAN-OS 12.1 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h7 or 12.1.5 or later. PAN-OS 11.2 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h9 or 11.2.11 or later. 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h16 or 11.2.11 or later. 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h18 or 11.2.11 or later. PAN-OS 11.1 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h7 or 11.1.14 or later. 11.1.7 through 11.1.10-h* Upgrade to 11.1.10-h27 or 11.1.14 or later. 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h33 or 11.1.14 or later. 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h34 or 11.1.14 or later. PAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h5 or later. 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h8 or 10.2.18-h5 or later. 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h22 or 10.2.18-h5 or later. 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h37 or 10.2.18-h5 or later. 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h35 or 10.2.18-h5 or later. All other older Upgrade to a supported fixed version. unsupported PAN-OS versions Prisma Access No action needed.
Workarounds
CNA: The vast majority of firewalls already follow Palo Alto Networks' and industry best practices. However, if you have not already, we strongly recommend that you secure access to your management interface according to our best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). Specifically, you should restrict management interface access to only trusted internal IP addresses. Review information about how to secure management access to your Palo Alto Networks firewalls: * Palo Alto Networks LIVEcommunity article (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431) * Palo Alto Networks official and detailed technical documentation (https://docs.paloaltonetworks.com/best-practices/10-1/administrative-access-best-practices/administrative-access-best-practices/deploy-administrative-access-best-practices)
Exploits
CNA: Palo Alto Networks is not aware of any malicious exploitation of this issue.