VYPR
patch · Published Jun 10, 2026 · 1 source

Palo Alto Networks: Eight Vulnerabilities Disclosed on June 10, 2026

Key findings

  • Eight vulnerabilities disclosed by Palo Alto Networks on June 10, 2026.
  • Affected products include PAN-OS, Cortex XSOAR, GlobalProtect App, and Prisma Access Agent.
  • Vulnerabilities range from low to high severity, with one high-severity flaw in Cortex XSOAR.
  • Issues include command injection, privilege escalation, path traversal, and XSS.
  • Palo Alto Networks has released advisories and patches for all disclosed vulnerabilities.

On June 10, 2026, Palo Alto Networks released security advisories for eight distinct vulnerabilities impacting several of its key products, including PAN-OS, Cortex XSOAR, GlobalProtect App, and Prisma Access Agent. The disclosed issues, which span a range of severity levels from low to high, were all published on the same day, indicating a coordinated disclosure event by the vendor.

Several vulnerabilities were identified within the PAN-OS operating system. CVE-2026-0273 describes an authenticated administrator command injection vulnerability accessible via the CLI or Web UI. Additionally, CVE-2026-0272 details a privilege escalation vulnerability specifically within the PAN-OS Command Line Interface (CLI). A low-severity stored cross-site scripting (XSS) vulnerability in the PAN-OS Web Interface was also disclosed as CVE-2026-0266.

The Cortex XSOAR platform is affected by two vulnerabilities. CVE-2026-0270 is a path traversal vulnerability, while CVE-2026-0274 involves improper validation of credentials within the CommvaultSecurityIQ integration, rated as high severity. This latter vulnerability could potentially allow unauthorized access or actions within integrated systems.

Further vulnerabilities impact endpoint and access solutions. CVE-2026-0267, a medium-severity information exposure vulnerability, affects the GlobalProtect App on macOS. The Prisma Access Agent is subject to two distinct issues: CVE-2026-0268, a local authenticated VPN enforcement bypass on Linux, and CVE-2026-0271, a local privilege escalation vulnerability for authorized users.

All eight vulnerabilities have been addressed by Palo Alto Networks, with specific patches and recommended versions available through the vendor's security advisories. Users are strongly encouraged to consult the individual advisories for detailed information on affected versions and remediation steps. The coordinated disclosure of these vulnerabilities highlights the ongoing need for diligent security patching and monitoring across Palo Alto Networks' product ecosystem.

This batch of disclosures underscores the importance of staying current with security updates for network and security infrastructure. While most vulnerabilities were rated medium, the presence of a high-severity flaw in Cortex XSOAR and command injection/privilege escalation issues in PAN-OS warrants immediate attention from administrators managing these systems. Users should prioritize reviewing their configurations and applying necessary updates to mitigate potential risks.

Synthesized by Vypr AI