PAN-OS IPv6 Stack Bypass in Dataplane Enables Policy Evasion
CVE-2026-0280 Published on July 9, 2026
PAN-OS: IPv6 Firewall Policy Bypass
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
Timeline
Initial Publication
Weakness Type
Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Products Associated with CVE-2026-0280
stack.watch emails you whenever new vulnerabilities are published in Palo Alto Networks PAN-OS or Palo Alto Networks Prisma Access. Just hit a watch button to start following.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 12.1.0 and below 12.1.8 is affected.
- Version 11.2.0 and below 11.2.13 is affected.
- Version 11.1.0 and below 11.1.16 is affected.
- Version 10.2.0 and below 10.2.18-h8 is affected.
- Version All is unaffected.
- Version 11.2.0 and below 11.2.7-h18 is affected.
- Version 10.2.0 and below 10.2.10-h39 is affected.