CVE Catalog

CVE-2026-0256

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

18th percentile - higher than 18% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software allows a malicious authenticated administrator to store a JavaScript payload using the web interface.

Risk Assessment

This vulnerability may lead to the execution of malicious code in the context of users' browsers, posing a risk of data theft or session hijacking.

Recommendation

It is recommended to update PAN-OS software to the latest version to mitigate this vulnerability and restrict web interface access to trusted administrators.

Original NVD description (English source)

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS