Use of cache containing sensitive information in Palo Alto PAN-OS - CVE-2026-0281

 

Use of cache containing sensitive information in Palo Alto PAN-OS - CVE-2026-0281

Published: July 10, 2026


Vulnerability identifier: #VU137308
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-0281
CWE-ID: CWE-524
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose web session tokens.

The vulnerability exists due to use of cache containing sensitive information in the management web interface when handling a malicious link clicked by a legitimate user. A remote attacker can provide a malicious link to obtain web session tokens.

User interaction is required, and a legitimate user must first click an attacker-supplied malicious link.


How to mitigate CVE-2026-0281

Install security update from vendor's website.

Sources