CVE-2026-0243

Vulnerability

Overview

CVE-2026-0243 is a denial of Palo Alto Networks Prisma SD-WAN ION devices is a denial of service (DoS) vulnerability that stems from an unchecked input for a loop condition (CWE-606). An unauthenticated attacker in a network adjacent to the device can trigger a system disruption by sending a specially crafted IPv6 packet [1]. The vulnerability requires that IPv6 is enabled on the SD-WAN ION device [1].

Exploitation and

Attack Surface

The attack vector is adjacent network (AV:A), with low attack complexity (AC:L) and no privileges required (PR:N). The attacker does not need user interaction (UI:N) and the attack is automatable (AU:Y) [1]. The only prerequisite is that the target device has IPv6 enabled, which is a common configuration in SD-WAN deployments [1].

Impact

Successful exploitation results in a high impact on product availability (VA:H), meaning the device becomes unavailable or severely degraded. The CVSS-B score is 7.1 (Medium), with a CVSS-BT score of 4.9, reflecting a moderate response effort and a diffuse value density of diffuse [1]. There is no impact on confidentiality or integrity [1].

Mitigation

Palo Alto Networks has released fixed versions: Prisma SD-WAN ION 6.5.3-b15, 6.4.3-b8, and 6.3.6-b10, and recommends upgrading to these or later versions. Versions 6.1 and 5.6 are unaffected. No malicious exploitation has been reported as of the advisory date [1].