Vendor scorecard
Palo Alto Networks
PAN-OS firewalls, Panorama management and the Prisma cloud-security line.
CPE: paloaltonetworks
Product families
5
Open in latest
93
Inferred — see methodology
Last disclosure
May 13, 2026
01
Product categories
5 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| PAN-OSNGFW / Network Security · Network Detection / IDS-IPSpan-os | 5 | 76 | 11.2.10HIGH | ||
| PrismaSD-WAN & SASEprisma_cloud, prisma_access, prisma_sd-wan | 2 | 1 | 32.05.124MED | ||
| PanoramaNetwork Management & Monitoringpanorama | 0 | 0 | unknown | ||
| CortexNetwork Detection / IDS-IPScortex_xdr, cortex_xsoar, cortex_xsiam | 0 | 8 | 6.10.0.185964MED | ||
| GlobalProtectSecure Remote Access / VPN · Zero-Trust / ZTNAglobalprotect | 0 | 9 | 6.3.3HIGH |
02
Recent CVEs
5 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-0257(opens NVD record) | Critical | 9.1 | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues. | May 13, 2026 |
| CVE-2026-0300(opens NVD record) | Critical | 9.8 | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. | May 6, 2026 |
| CVE-2026-0227(opens NVD record) | High | 7.5 | A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode. | Jan 15, 2026 |
| CVE-2025-4615(opens NVD record) | High | 7.2 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | Oct 9, 2025 |
| CVE-2025-4614(opens NVD record) | Low | 2.7 | An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | Oct 9, 2025 |
5 CVEs · 5 product families