Medium4.8Vendor: LowPalo Alto Networks Updated
CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
CVE-2026-0266 Published Jun 10, 2026
CVE-2026-0266
Affected products & platforms
Palo Alto NetworksPAN-OSFirewall
Summary
CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Affected versions
- PAN-OS < 12.1.5
- PAN-OS < 11.2.11
- PAN-OS < 11.1.14
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- PAN-OS >= 12.1.5
- PAN-OS >= 11.2.11
- PAN-OS >= 11.1.14
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- VersionMinor VersionSuggested SolutionCloud NGFWNo action needed.
- PAN-OS 12.1 12.1.2 through 12.1.4 Upgrade to 12.1.5 or later.
- PAN-OS 11.2 11.2.0 through 11.2.10 Upgrade to 11.2.11 or later.
- PAN-OS 11.1 11.1.0 through 11.1.13 Upgrade to 11.1.14 or later.
Temporary workarounds
- No known workarounds or mitigations exist for this issue.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.