Cross-site scripting in Palo Alto PAN-OS - CVE-2026-0279
Published: July 10, 2026
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to execute malicious JavaScript payload.
The vulnerability exists due to cross-site scripting in the User-ID Authentication Portal, GlobalProtect gateway/portal features, and Clientless VPN when handling web content. A remote attacker can store or execute a malicious JavaScript payload to execute malicious JavaScript payload.
User interaction is required for exploitation.