Missing Authentication for Critical Function in Palo Alto PAN-OS - CVE-2026-0283
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions and establish an unauthorized site-to-site VPN connection.
The vulnerability exists due to missing authentication for a critical function in the large scale vpn (lsvpn) functionality when handling network access to configured satellite connections. A remote attacker can send crafted connection attempts to bypass security restrictions and establish an unauthorized site-to-site VPN connection.
Only firewalls using large scale vpn (lsvpn) with configured satellites are vulnerable.