CVE-2026-0259: CWE-73 External Control of File Name or Path in Palo Alto Networks WildFire WF-500 and WF-500-B
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing. Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
AI Analysis
Technical Summary
This vulnerability (CWE-73: External Control of File Name or Path) in Palo Alto Networks WildFire WF-500 and WF-500-B appliances enables users with limited privileges to arbitrarily read and delete files on the system. It affects specific software versions (10.2.0, 11.1.0, 11.2.0, 12.1.0) running in default non-FIPS configuration. The issue is limited to on-premise appliances; the cloud service is not impacted. The CVSS 4.0 base score is 5.0, reflecting a medium severity with network attack vector, low attack complexity, no user interaction, and partial impact on confidentiality and integrity. No known exploits in the wild have been reported. A software update is available from Palo Alto Networks for affected appliances.
Potential Impact
An attacker with limited privileges can exploit this vulnerability to read sensitive information and delete arbitrary files on the affected WildFire appliances. This could lead to information disclosure and potential disruption of appliance functionality. The impact is limited to on-premise WF-500 and WF-500-B appliances running non-FIPS mode software versions listed. The WildFire Public cloud service is not affected.
Mitigation Recommendations
A software update addressing this vulnerability is available from Palo Alto Networks for the affected WildFire WF-500 and WF-500-B appliances. Customers using the WildFire Public cloud service are not impacted and require no action. Users of on-premise appliances should apply the vendor-provided update to remediate this vulnerability. Patch status is not explicitly confirmed in the advisory text; verify the vendor advisory for the latest remediation guidance.
CVE-2026-0259: CWE-73 External Control of File Name or Path in Palo Alto Networks WildFire WF-500 and WF-500-B
Description
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing. Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-73: External Control of File Name or Path) in Palo Alto Networks WildFire WF-500 and WF-500-B appliances enables users with limited privileges to arbitrarily read and delete files on the system. It affects specific software versions (10.2.0, 11.1.0, 11.2.0, 12.1.0) running in default non-FIPS configuration. The issue is limited to on-premise appliances; the cloud service is not impacted. The CVSS 4.0 base score is 5.0, reflecting a medium severity with network attack vector, low attack complexity, no user interaction, and partial impact on confidentiality and integrity. No known exploits in the wild have been reported. A software update is available from Palo Alto Networks for affected appliances.
Potential Impact
An attacker with limited privileges can exploit this vulnerability to read sensitive information and delete arbitrary files on the affected WildFire appliances. This could lead to information disclosure and potential disruption of appliance functionality. The impact is limited to on-premise WF-500 and WF-500-B appliances running non-FIPS mode software versions listed. The WildFire Public cloud service is not affected.
Mitigation Recommendations
A software update addressing this vulnerability is available from Palo Alto Networks for the affected WildFire WF-500 and WF-500-B appliances. Customers using the WildFire Public cloud service are not impacted and require no action. Users of on-premise appliances should apply the vendor-provided update to remediate this vulnerability. Patch status is not explicitly confirmed in the advisory text; verify the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- palo_alto
- Date Reserved
- 2025-11-03T20:44:19.922Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a04c4b4cbff5d8610fad29d
Added to database: 5/13/2026, 6:36:36 PM
Last enriched: 5/13/2026, 6:52:11 PM
Last updated: 5/13/2026, 9:47:31 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.