{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0258", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:18.750Z", "datePublished": "2026-05-13T18:08:36.338Z", "dateUpdated": "2026-05-13T18:58:00.878Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T18:08:36.338Z"}, "title": "PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server-Side Request Forgery"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "version": "12.1.0", "lessThan": "12.1.7, 12.1.4-h5", "changes": [{"at": "12.1.4-h5", "status": "unaffected"}, {"at": "12.1.7", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17", "changes": [{"at": "11.2.4-h17", "status": "unaffected"}, {"at": "11.2.7-h13", "status": "unaffected"}, {"at": "11.2.10-h6", "status": "unaffected"}, {"at": "11.2.12", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33", "changes": [{"at": "11.1.4-h33", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.15", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34", "changes": [{"at": "10.2.7-h34", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.18-h6", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.7_12.1.4-h5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.0", "versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.\n\n\n\nPanorama, Cloud NGFW and Prisma\u00ae Access are not impacted by these vulnerabilities.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.</p><p>Panorama, Cloud NGFW and Prisma<span>\u00ae</span> Access are not impacted by these vulnerabilities.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0258", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Amber"}}], "configurations": [{"lang": "eng", "value": "This issue is applicable only to PAN-OS configurations with a PAN-OS Site-to-Site VPN Gateway with IKEv2 configured.\n\nTo verify if you have Site-to-Site VPN Gateway that is configured with IKEv2 on a device please refer to our documentation (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>This issue is applicable only to PAN-OS configurations with a PAN-OS Site-to-Site VPN Gateway with IKEv2 configured.</p><p>To verify if you have Site-to-Site VPN Gateway that is configured with IKEv2 on a device please&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK\">refer to our documentation</a>.</p>"}]}], "workarounds": [{"lang": "eng", "value": "Customers who do not require IKEv2 VPN can mitigate this issue by removing all IKEv2 VPN gateway configurations.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510014 (from Applications and Threats content version 9100-10044).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Customers who do not require IKEv2 VPN can mitigate this issue by removing all IKEv2 VPN gateway configurations.</p><p>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510014 (from Applications and Threats content version 9100-10044).<br></p>"}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later\nPrisma Access No action needed. \nAll older unsupported PAN-OS versions Upgrade to a supported fixed version.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td> Cloud NGFW</td><td>&nbsp;</td><td>No action needed</td></tr><tr><td>PAN-OS 12.1</td><td>12.1.5 through 12.1.6</td><td>Upgrade to 12.1.7 or later.</td></tr><tr><td><br></td><td>12.1.2 through 12.1.4-h*</td><td>Upgrade to 12.1.4-h5 or 12.1.7 or later.</td></tr><tr><td>PAN-OS 11.2</td><td>11.2.11 or later</td><td>Upgrade to 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.8 through 11.2.10-h*</td><td>Upgrade to 11.2.10-h6 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.5 through 11.2.7-h*</td><td>Upgrade to 11.2.7-h13 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.0 through 11.2.4-h*</td><td>Upgrade to 11.2.4-h17 or 11.2.12 or later.</td></tr><tr><td>PAN-OS 11.1</td><td>11.1.14 or later</td><td>Upgrade to 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.11 through 11.1.13-h*</td><td>Upgrade to 11.1.13-h5 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.8 through 11.1.10-h*</td><td>Upgrade to 11.1.10-h25 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.7 through 11.1.7-h*</td><td>Upgrade to 11.1.7-h6 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.5 through 11.1.6-h*</td><td>Upgrade to 11.1.6-h32 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.0 through 11.1.4-h*</td><td>Upgrade to 11.1.4-h33 or 11.1.15 or later.</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.17 through 10.2.18-h*</td><td>Upgrade to 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.14 through 10.2.16-h*</td><td>Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.11 through 10.2.13-h*</td><td>Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.8 through 10.2.10-h*</td><td>Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.7-h*</td><td>Upgrade to 10.2.7-h34 or 10.2.18-h6 or later</td></tr><tr><td>Prisma Access&nbsp;</td><td><br></td><td>No action needed.&nbsp;</td></tr><tr><td> All older unsupported PAN-OS versions</td><td>&nbsp;</td><td> Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h5", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h12", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.14", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h32", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h5", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T18:57:40.745966Z", "id": "CVE-2026-0258", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:58:00.878Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0258", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:18.750Z", "datePublished": "2026-05-13T18:08:36.338Z", "dateUpdated": "2026-05-13T18:58:00.878Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T18:08:36.338Z"}, "title": "PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server-Side Request Forgery"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "version": "12.1.0", "lessThan": "12.1.7, 12.1.4-h5", "changes": [{"at": "12.1.4-h5", "status": "unaffected"}, {"at": "12.1.7", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17", "changes": [{"at": "11.2.4-h17", "status": "unaffected"}, {"at": "11.2.7-h13", "status": "unaffected"}, {"at": "11.2.10-h6", "status": "unaffected"}, {"at": "11.2.12", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33", "changes": [{"at": "11.1.4-h33", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.15", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34", "changes": [{"at": "10.2.7-h34", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.18-h6", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:*:*:*:*:*:*"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.7_12.1.4-h5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.0", "versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.\n\n\n\nPanorama, Cloud NGFW and Prisma\u00ae Access are not impacted by these vulnerabilities.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.</p><p>Panorama, Cloud NGFW and Prisma<span>\u00ae</span> Access are not impacted by these vulnerabilities.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0258", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Amber"}}], "configurations": [{"lang": "eng", "value": "This issue is applicable only to PAN-OS configurations with a PAN-OS Site-to-Site VPN Gateway with IKEv2 configured.\n\nTo verify if you have Site-to-Site VPN Gateway that is configured with IKEv2 on a device please refer to our documentation (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>This issue is applicable only to PAN-OS configurations with a PAN-OS Site-to-Site VPN Gateway with IKEv2 configured.</p><p>To verify if you have Site-to-Site VPN Gateway that is configured with IKEv2 on a device please&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK\">refer to our documentation</a>.</p>"}]}], "workarounds": [{"lang": "eng", "value": "Customers who do not require IKEv2 VPN can mitigate this issue by removing all IKEv2 VPN gateway configurations.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510014 (from Applications and Threats content version 9100-10044).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Customers who do not require IKEv2 VPN can mitigate this issue by removing all IKEv2 VPN gateway configurations.</p><p>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510014 (from Applications and Threats content version 9100-10044).<br></p>"}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.12 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.12 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later\nPrisma Access No action needed. \nAll older unsupported PAN-OS versions Upgrade to a supported fixed version.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td> Cloud NGFW</td><td>&nbsp;</td><td>No action needed</td></tr><tr><td>PAN-OS 12.1</td><td>12.1.5 through 12.1.6</td><td>Upgrade to 12.1.7 or later.</td></tr><tr><td><br></td><td>12.1.2 through 12.1.4-h*</td><td>Upgrade to 12.1.4-h5 or 12.1.7 or later.</td></tr><tr><td>PAN-OS 11.2</td><td>11.2.11 or later</td><td>Upgrade to 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.8 through 11.2.10-h*</td><td>Upgrade to 11.2.10-h6 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.5 through 11.2.7-h*</td><td>Upgrade to 11.2.7-h13 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.0 through 11.2.4-h*</td><td>Upgrade to 11.2.4-h17 or 11.2.12 or later.</td></tr><tr><td>PAN-OS 11.1</td><td>11.1.14 or later</td><td>Upgrade to 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.11 through 11.1.13-h*</td><td>Upgrade to 11.1.13-h5 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.8 through 11.1.10-h*</td><td>Upgrade to 11.1.10-h25 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.7 through 11.1.7-h*</td><td>Upgrade to 11.1.7-h6 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.5 through 11.1.6-h*</td><td>Upgrade to 11.1.6-h32 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.0 through 11.1.4-h*</td><td>Upgrade to 11.1.4-h33 or 11.1.15 or later.</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.17 through 10.2.18-h*</td><td>Upgrade to 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.14 through 10.2.16-h*</td><td>Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.11 through 10.2.13-h*</td><td>Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.8 through 10.2.10-h*</td><td>Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.7-h*</td><td>Upgrade to 10.2.7-h34 or 10.2.18-h6 or later</td></tr><tr><td>Prisma Access&nbsp;</td><td><br></td><td>No action needed.&nbsp;</td></tr><tr><td> All older unsupported PAN-OS versions</td><td>&nbsp;</td><td> Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial publication."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h5", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h12", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.14", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h32", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h5", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-13T18:57:40.745966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:57:57.010Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.\n\n\n\nPanorama, Cloud NGFW and Prisma\u00ae Access are not impacted by these vulnerabilities."}], "id": "CVE-2026-0258", "lastModified": "2026-05-13T19:17:01.483", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "HIGH"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-13T19:17:01.483", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0258"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Cloud NGFW", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cloud_ngfw", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.4-h5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.4-h17)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.1.0,11.1.4-h33)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.0,10.2.7-h34)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "PAN-OS", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "pan-os", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Prisma Access", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "prisma_access", "vendor": "palo_alto_networks"}], "created": "2026-05-13T19:45:03.825477+00:00", "updated": "2026-05-13T20:15:04.029212+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$cloud_ngfw", "palo_alto_networks$PRODUCT$pan-os", "palo_alto_networks$PRODUCT$prisma_access"]}