OS Command Injection in Palo Alto PAN-OS - CVE-2026-0286
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary OS commands as root.
The vulnerability exists due to improper neutralization of special elements used in an OS command in the management plane CLI when processing crafted CLI input. A remote privileged user can send crafted CLI commands to execute arbitrary OS commands as root.
This issue affects the management plane and does not require special configuration to be exposed.