DoS via crafted IPv6 packet on Palo Alto Prisma SD-WAN ION
CVE-2026-0243 Published on May 13, 2026
Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet
A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet.
Timeline
Initial publication.
Weakness Type
Unchecked Input for Loop Condition
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
Products Associated with CVE-2026-0243
Want to know whenever a new CVE is published for Palo Alto Networks Prisma Sd Wan Ion? stack.watch will email you.
Affected Versions
Palo Alto Networks Prisma SD-WAN ION:- Version 6.5.0 and below 25.3.3 is affected.
- Version 6.4.0 and below 25.1.8 is affected.
- Version 6.3.0 and below 24.3.6 is affected.
- Version 6.1.0 is unaffected.
- Version 5.6.0 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.