Server-Side Request Forgery (SSRF) in Palo Alto PAN-OS - CVE-2026-0285
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote user to make unauthorized requests to internal services.
The vulnerability exists due to server-side request forgery in the management web interface when handling crafted requests. A remote privileged user can send a specially crafted request to make unauthorized requests to internal services.
Exploitation requires network access to the management web interface.