VYPR
Vypr IntelligenceAI-generatedJul 8, 2026· 10 CVEs

Palo Alto PAN-OS: Ten Vulnerabilities Disclosed Together, Including High-Severity Code Execution Flaw

Palo Alto Networks patched ten PAN-OS vulnerabilities on July 8, 2026, including a high-severity flaw in the User-ID TSA component that could lead to code execution.

Key findings

  • Ten PAN-OS vulnerabilities disclosed simultaneously on July 8, 2026, ranging from low to high severity.
  • High-severity CVE-2026-0288 in User-ID TSA allows for potential arbitrary code execution.
  • Vulnerabilities impact diverse PAN-OS components including web interface, LSVPN, and CLI.
  • Multiple CVEs address information disclosure, SSRF, authentication bypass, and command injection.
  • Palo Alto Networks has issued specific advisories for each disclosed vulnerability.

On July 8, 2026, Palo Alto Networks addressed a batch of ten vulnerabilities in its PAN-OS network security operating system. The disclosures, all published simultaneously by the vendor, span a range of severities from low to high, impacting various components including the management web interface, Large Scale VPN (LSVPN), User-ID Terminal Server Agent (TSA), and the Command Line Interface (CLI). The most critical of these, CVE-2026-0288, is a high-severity buffer overflow vulnerability in the User-ID TSA component.

Several vulnerabilities affect the management web interface. CVE-2026-0281 is a low-severity information disclosure flaw, while CVE-2026-0285 presents a medium-severity Server-Side Request Forgery (SSRF) risk. Additionally, CVE-2026-0282, another low-severity issue, allows for file deletion.

The Large Scale VPN (LSVPN) component is also impacted. CVE-2026-0283 and CVE-2026-0284 are medium-severity vulnerabilities, involving authentication bypass and XML injection, respectively.

Other notable vulnerabilities include CVE-2026-0279, a set of low-severity Cross-Site Scripting (XSS) flaws, and CVE-2026-0286, a medium-severity authenticated command injection vulnerability accessible via the CLI. CVE-2026-0287, a medium-severity denial-of-service vulnerability, affects network traffic processing. Lastly, CVE-2026-0280 is a low-severity IPv6 firewall policy bypass.

The high-severity CVE-2026-0288, described as multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent, carries a CVSS-B score of 9.2 and has been assigned the highest urgency rating by Palo Alto Networks. Exploitation could lead to arbitrary code execution or denial-of-service conditions. This vulnerability affects devices with a Terminal Server Agent configured and accessible via the network.

Palo Alto Networks has released security advisories for each CVE, providing detailed information and mitigation strategies. Users are strongly advised to consult the specific advisories for each vulnerability and apply any necessary patches or updates to secure their PAN-OS deployments. The coordinated disclosure of these ten vulnerabilities underscores the importance of timely patching and security vigilance for PAN-OS users.

AI-written article. Grounded in 10 CVE records listed below.