PALO ALTO PAN-OS CLI PrivEsc (CVE-2026-0272)
CVE-2026-0272 Published on June 10, 2026
PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Timeline
Initial publication.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-0272 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-0272
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 12.1.0 and below 12.1.4-h7 is affected.
- Version 11.2.0 and below 11.2.4-h18 is affected.
- Version 11.1.0 and below 11.1.4-h34 is affected.
- Version 10.2.0 and below 10.2.7-h35 is affected.
- Version All is unaffected.