VYPR
Low severity · NVD Advisory · Published Jun 10, 2026

CVE-2026-0266

Description

A stored cross-site scripting vulnerability in PAN-OS web interface allows authenticated administrators to inject JavaScript, potentially impacting integrity.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web interface of PAN-OS software versions prior to 12.1.5, 11.2.11, and 11.1.14, as well as all versions of PAN-OS 10.2. This issue allows a malicious authenticated administrator to store a JavaScript payload that can be executed by other users interacting with the web interface. The vulnerability affects PA-Series, VM-Series firewalls, and Panorama devices. Cloud NGFW and Prisma Access are not impacted [1].

Exploitation

An attacker must first possess administrative privileges and authenticated access to the PAN-OS web interface. The attacker can then inject a JavaScript payload into the web interface, which will be stored. Subsequent access to the affected web interface by other users could trigger the execution of this payload. No special configuration is required for exposure, but the risk is highest when the management interface is accessible from external IP addresses [1].

Impact

Successful exploitation of this vulnerability could lead to a low integrity impact. An attacker can store a JavaScript payload that, when executed by other users, could potentially manipulate the content displayed in their browser or perform actions on their behalf within the context of the web interface, depending on the privileges of the user viewing the content [1].

Mitigation

Palo Alto Networks has released fixed versions of PAN-OS: 12.1.5, 11.2.11, and 11.1.14. Users are advised to upgrade to these versions or later. For versions not yet patched, restricting access to the management interface via a jump box accessible only from specified IP addresses can reduce the risk of exploitation [1].

AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. A mechanics analysis is only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 1