SD-WAN & SASE · head-to-head
Cisco vs Palo Alto Networks
WAN-edge appliances and on-prem single-vendor SASE. Counts are scoped to this segment and the selected published-date window. Cisco carries 17.8× the disclosed CVE volume of Palo Alto Networks. Volume reflects disclosure practice and install base as much as code quality — read it with the severity mix. Sourced from the NIST NVD; lower counts indicate a smaller disclosed vulnerability surface — not necessarily lower risk.
Disclosure record
Bars are normalized per row to the larger value; the leading count is emphasized.
| Cisco | Metric | Palo Alto Networks | ||
|---|---|---|---|---|
| 71 | Total CVEs | 4 | ||
| 2 | Critical | 1 | ||
| 37 | High | 3 | ||
| 32 | Medium | 0 | ||
| 0 | Low | 0 | ||
| 1,007 | Open in latest | 1 |
Risk profile
Each severity band as a share of the vendor's own total — strips out raw volume so the profiles compare directly.
Cisco
2.8% critical- Critical
- 22.8%
- High
- 3752.1%
- Medium
- 3245.1%
- Low
- 00.0%
Palo Alto Networks
25.0% critical- Critical
- 125.0%
- High
- 375.0%
- Medium
- 00.0%
- Low
- 00.0%
Recent activity
Latest in-window disclosures per vendor, newest first. Each ID links to its NVD record.
Cisco
| CVE | Severity | CVSS | Published |
|---|---|---|---|
| CVE-2026-20046(opens NVD record) | High | 8.8 | Mar 11, 2026 |
| CVE-2026-20040(opens NVD record) | High | 8.8 | Mar 11, 2026 |
| CVE-2025-20363(opens NVD record) | Critical | 9.0 | Sep 25, 2025 |
| CVE-2025-20352(opens NVD record) | High | 7.7 | Sep 24, 2025 |
| CVE-2025-20338(opens NVD record) | Medium | 6.0 | Sep 24, 2025 |
| CVE-2025-20221(opens NVD record) | Medium | 5.3 | May 7, 2025 |
Palo Alto Networks
| CVE | Severity | CVSS | Published |
|---|---|---|---|
| CVE-2026-0257(opens NVD record) | Critical | 9.1 | May 13, 2026 |
| CVE-2026-0227(opens NVD record) | High | 7.5 | Jan 15, 2026 |
| CVE-2024-3393(opens NVD record) | High | 7.5 | Dec 27, 2024 |
| CVE-2024-8687(opens NVD record) | High | 7.1 | Sep 11, 2024 |
Track new CVEs for these vendors
Get an email the moment a new vulnerability is disclosed for the products you rely on.