PAN-OS IPv6 Stack Bypass in Dataplane Enables Policy Evasion
CVE-2026-0280 Published on July 9, 2026

PAN-OS: IPv6 Firewall Policy Bypass
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted by this vulnerability.

Vendor Advisory NVD

Timeline

Initial Publication

Weakness Type

Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.


Products Associated with CVE-2026-0280

stack.watch emails you whenever new vulnerabilities are published in Palo Alto Networks PAN-OS or Palo Alto Networks Prisma Access. Just hit a watch button to start following.

 
 

Affected Versions

Palo Alto Networks Cloud NGFW: Palo Alto Networks PAN-OS: Palo Alto Networks Panorama: Palo Alto Networks Prisma Access: