PAN-OS Tunnel MemCorrupt Reboot Exploit (Authenticated)
CVE-2026-0269 Published on June 10, 2026

PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Vendor Advisory NVD

Timeline

2026-06-10

Initial publication.

Weakness Type

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Products Associated with CVE-2026-0269

Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.

Palo Alto Networks PAN-OS

Affected Versions

Palo Alto Networks Cloud NGFW:

Version All is unaffected.

Palo Alto Networks PAN-OS:

Version 12.1.0 and below 12.1.5 is affected.
Version 11.2.0 and below 11.2.10 is affected.
Version 11.1.0 and below 11.1.6-h21 is affected.
Version 10.2.0 and below 10.2.16-h6 is affected.

Palo Alto Networks Panorama:

Version All is unaffected.

Palo Alto Networks Prisma Access: