CVE-2026-0258
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
CVE-2026-0258 describes a server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software. It allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.
Risk Assessment
This vulnerability could lead to unauthorized access to network resources and potential service disruptions, posing a significant security threat to the organization.
Recommendation
It is recommended to update Palo Alto Networks PAN-OS® software to the latest version to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition. Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.

