CVE-2026-0256
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software allows a malicious authenticated administrator to store a JavaScript payload using the web interface.
Risk Assessment
This vulnerability may lead to the execution of malicious code in the context of users' browsers, posing a risk of data theft or session hijacking.
Recommendation
It is recommended to update PAN-OS software to the latest version to mitigate this vulnerability and restrict web interface access to trusted administrators.
Original NVD description (English source)
A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

