Vulnerability Details CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.
The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW is not affected by this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 63.8%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-0279
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.0
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.1
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.10
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.11
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.2
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.3
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.5
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.6
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.7
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.8
-
cpe:2.3:o:paloaltonetworks:pan-os:11.2.9