Improper Neutralization of Special Elements in Output Used by a Downstream Component in Palo Alto PAN-OS - CVE-2026-0284

 

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Palo Alto PAN-OS - CVE-2026-0284

Published: July 10, 2026


Vulnerability identifier: #VU137305
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-0284
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information or corrupt internal LSVPN satellite data.

The vulnerability exists due to improper neutralization of special elements in output used by a downstream component in the Large Scale VPN (LSVPN) functionality when processing network-supplied XML content. A remote attacker can inject malicious XML content to disclose sensitive information or corrupt internal LSVPN satellite data.

Only firewalls using Large Scale VPN (LSVPN) with configured satellites are vulnerable. Panorama, Cloud NGFW, and Prisma Access are not impacted.


How to mitigate CVE-2026-0284

Install security update from vendor's website.

Sources