Palo Alto Networks has identified a critical vulnerability in its PAN-OS software that could potentially allow attackers to execute arbitrary code or cause a denial-of-service (DoS) condition by sending specially crafted network traffic. This vulnerability, tracked as CVE-2026-0288, has been given a CVSS-B score of 9.2, indicating high severity.
Details of the Vulnerability
The flaw originates from buffer overflow issues within the User-ID Terminal Server Agent (TSA) component of PAN-OS. Attackers with network access to the TSA IP and port can exploit this vulnerability without needing authentication or user interaction, potentially leading to remote code execution or crashing the affected service.
Devices are susceptible if they have at least one Terminal Server Agent entry configured. Although some services like Panorama and Cloud NGFW on AWS are not affected, the vulnerability spans across various PAN-OS branches, including versions before 12.1.4-h8 and others.
Impact and Urgency
The risk severity is contingent on the exposure level of the devices. Those with TSA exposed to the internet or untrusted networks are at high risk (CVSS-B 9.2), while devices with restricted access have a lower risk (CVSS-B 7.7). Palo Alto Networks stresses the importance of immediate patching, as they have not detected any active exploitation yet.
For users of Prisma Access, scheduled maintenance will include updates, and on-demand upgrades are available via support. As an interim measure, limiting TSA connectivity to trusted internal IPs is advised to mitigate the risk prior to patch application.
Response and Recommendations
This vulnerability was responsibly disclosed by security researcher Liang Zhu, and Palo Alto Networks recommends rapid patch deployment across all impacted branches. Organizations with TSA configurations exposed to potential threats should prioritize immediate action to safeguard their systems.
The company has released specific patch versions for each affected branch, and users are encouraged to follow the complete advisory for detailed instructions on securing their networks against this serious threat.
In the evolving landscape of cyber threats, maintaining updated software and adhering to security best practices are essential for minimizing vulnerabilities and protecting critical infrastructure.
