Use of cache containing sensitive information in Palo Alto PAN-OS - CVE-2026-0281
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose web session tokens.
The vulnerability exists due to use of cache containing sensitive information in the management web interface when handling a malicious link clicked by a legitimate user. A remote attacker can provide a malicious link to obtain web session tokens.
User interaction is required, and a legitimate user must first click an attacker-supplied malicious link.