Incorrect Calculation of Buffer Size in Palo Alto PAN-OS - CVE-2026-0280
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass firewall security policy enforcement.
The vulnerability exists due to incorrect calculation of buffer size in the dataplane when processing IPv6 packets. A remote attacker can send crafted network traffic to bypass firewall security policy enforcement.
Only firewalls with IPv6 enabled on one or more interfaces are vulnerable. Cloud NGFW and Panorama are not impacted by this vulnerability.