XSS in PAN-OS User-ID Portal & GlobalProtect
CVE-2026-0279 Published on July 9, 2026

PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
Multiple cross site scripting vulnerabilities in the User-ID Authentication Portal (aka Captive Portal) service, GlobalProtect gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload. The security risk posed by this issue is minimized when the management interface and access to the User-ID Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW is not affected by this vulnerability.

Vendor Advisory NVD

Timeline

Updated the Unaffected version for Prisma Access.

Initial publication

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-0279 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2026-0279

stack.watch emails you whenever new vulnerabilities are published in Palo Alto Networks PAN-OS or Palo Alto Networks Prisma Access. Just hit a watch button to start following.

 
 

Affected Versions

Palo Alto Networks Cloud NGFW: Palo Alto Networks PAN-OS: Palo Alto Networks Prisma Access: