Palo Alto Networks has released security advisories detailing 13 vulnerabilities affecting its software solutions. The company’s latest updates also address over 500 issues recently patched by Google in the Chromium browser, which is utilized in Palo Alto’s Prisma browser.
Details of the Critical Vulnerability
The most critical of these vulnerabilities, identified as CVE-2026-0288, involves multiple buffer overflow issues in the PAN-OS software, which is integral to Palo Alto’s firewalls. This high-severity flaw can potentially be exploited by an unauthenticated attacker with network access to induce a denial-of-service (DoS) state and execute arbitrary code.
Organizations can mitigate the risk of exploitation by implementing best practices, such as restricting User-ID Terminal Server Agent (TSA) access to trusted internal IPs.
Medium and Low Severity Flaws
Seven patched vulnerabilities are classified as medium severity. Five of these affect PAN-OS, potentially leading to DoS conditions, unauthorized internal service requests, information leaks, and authentication bypass. Exploitation of these issues generally requires admin-level access.
Additional medium-severity issues impacting the Prisma Access Agent could allow attackers to perform man-in-the-middle attacks, intercept VPN traffic, and bypass data loss prevention policies.
There are also five low-severity vulnerabilities that, despite their lower rating, can lead to privilege escalation, firewall policy bypass, and unauthorized actions like file deletion and information disclosure.
Proactive Measures and Discoveries
While Palo Alto Networks has not detected any active exploitation of these vulnerabilities, the company stresses the importance of applying the latest patches to prevent potential attacks. The firm notes an increase in internally discovered vulnerabilities, attributing this to its enhanced use of artificial intelligence technologies.
External researchers have contributed to identifying several of the patched flaws, demonstrating a collaborative effort in addressing cybersecurity threats.
Organizations are encouraged to remain vigilant and ensure their systems are up-to-date with the latest security patches to maintain a robust defense against potential threats.
