CVE-2026-0273: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Palo Alto Networks Cloud NGFW
CVE-2026-0273 is a command injection vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator to execute arbitrary commands as root. Exploitation requires access to the PAN-OS CLI or Web UI. The vulnerability affects PA-Series and VM-Series firewalls and Panorama appliances but does not affect Cloud NGFW or Prisma Access. The risk is reduced by restricting CLI and management web interface access to trusted administrators and internal IPs. No patch or official remediation has been confirmed yet.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-0273) involves improper neutralization of special elements in OS commands (CWE-78) within Palo Alto Networks PAN-OS software. An authenticated administrator with access to the CLI or Web UI can bypass system restrictions and execute arbitrary commands with root privileges. The issue affects physical and virtual PA-Series and VM-Series firewalls and Panorama (virtual and M-Series), but not the Cloud NGFW or Prisma Access services. The vulnerability has a CVSS 4.0 score of 6.1 (medium severity). No vendor advisory or patch information is currently available, and the remediation level is unknown.
Potential Impact
An authenticated administrator can execute arbitrary OS commands as root, potentially compromising the entire system. This could lead to full system control, data compromise, or disruption of firewall operations. However, the vulnerability requires authenticated access to management interfaces, limiting exposure to trusted administrators. Cloud NGFW and Prisma Access are not affected.
Mitigation Recommendations
No official patch or remediation has been confirmed. The vendor recommends minimizing risk by restricting CLI access to a limited group of administrators and limiting management web interface access to trusted internal IP addresses following Palo Alto Networks' best practice deployment guidelines. Monitor the vendor advisory for updates on patch availability and apply official fixes once released.
CVE-2026-0273: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Palo Alto Networks Cloud NGFW
Description
CVE-2026-0273 is a command injection vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator to execute arbitrary commands as root. Exploitation requires access to the PAN-OS CLI or Web UI. The vulnerability affects PA-Series and VM-Series firewalls and Panorama appliances but does not affect Cloud NGFW or Prisma Access. The risk is reduced by restricting CLI and management web interface access to trusted administrators and internal IPs. No patch or official remediation has been confirmed yet.
CVSS v4.0
Score 6.1medium
Affected software
cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-0273) involves improper neutralization of special elements in OS commands (CWE-78) within Palo Alto Networks PAN-OS software. An authenticated administrator with access to the CLI or Web UI can bypass system restrictions and execute arbitrary commands with root privileges. The issue affects physical and virtual PA-Series and VM-Series firewalls and Panorama (virtual and M-Series), but not the Cloud NGFW or Prisma Access services. The vulnerability has a CVSS 4.0 score of 6.1 (medium severity). No vendor advisory or patch information is currently available, and the remediation level is unknown.
Potential Impact
An authenticated administrator can execute arbitrary OS commands as root, potentially compromising the entire system. This could lead to full system control, data compromise, or disruption of firewall operations. However, the vulnerability requires authenticated access to management interfaces, limiting exposure to trusted administrators. Cloud NGFW and Prisma Access are not affected.
Mitigation Recommendations
No official patch or remediation has been confirmed. The vendor recommends minimizing risk by restricting CLI access to a limited group of administrators and limiting management web interface access to trusted internal IP addresses following Palo Alto Networks' best practice deployment guidelines. Monitor the vendor advisory for updates on patch availability and apply official fixes once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- palo_alto
- Date Reserved
- 2025-11-03T20:44:32.837Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a29dafc3187570649959422
Added to database: 6/10/2026, 9:45:32 PM
Last enriched: 6/10/2026, 10:00:58 PM
Last updated: 6/10/2026, 10:52:32 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.