Out-of-bounds write in Palo Alto PAN-OS - CVE-2026-0288
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code.
The vulnerability exists due to out-of-bounds write in the User-ID Terminal Server Agent (TSA) component when handling network traffic. A remote attacker can send specially crafted network traffic to cause a denial of service or execute arbitrary code.
This issue only affects devices with at least one Terminal Server Agent entry configured. Panorama is not impacted.