PAN-OS DNS Buffer Overflow DoS / Remote Code Exec: CVE-2026-0264 May 2026

PAN-OS DNS Buffer Overflow DoS / Remote Code Exec
CVE-2026-0264 Published on May 13, 2026

PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution
A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Timeline

2026-05-13

Initial Publication.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-0264

Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.

Affected Versions

Version All is unaffected.

Version 12.1.0 and below 12.1.7, 12.1.4-h5 is affected.

Version 11.2.0 and below 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 is affected.

Version 11.1.0 and below 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 is affected.

Version 10.2.0 and below 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34 is affected.