Arbitrary File Read/Deletion in Palo Alto Networks WildFire WF-500
CVE-2026-0259 Published on May 13, 2026
WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.
The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing.
Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
Timeline
Initial publication.
Weakness Type
External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
Products Associated with CVE-2026-0259
Want to know whenever a new CVE is published for Palo Alto Networks Wildfire Wf 500 And Wf 500 B? stack.watch will email you.
Affected Versions
Palo Alto Networks WildFire WF-500 and WF-500-B:- Version 12.1.0 and below 12.1.7, 12.1.4-h5 is affected.
- Version 11.2.0 and below 11.2.11,11.2.7-h7 is affected.
- Version 11.1.0 and below 11.1.13,11.1.10-h8 is affected.
- Version 10.2.0 and below 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.