CVE-2026-0256

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

Related Weaknesses (CWE)

CWE-79

References

https://security.paloaltonetworks.com/CVE-2026-0256

FAQ

What is CVE-2026-0256?

CVE-2026-0256 is a documented vulnerability. A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This i...

How severe is CVE-2026-0256?

CVSS scoring is not yet available for CVE-2026-0256. Check NVD for updates.

Is there a patch for CVE-2026-0256?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.