Auth Bypass in Palo Alto PAN-OS LSVPN
CVE-2026-0283 Published on July 9, 2026

PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Vendor Advisory NVD

Timeline

Initial publication

Weakness Type

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.


Products Associated with CVE-2026-0283

Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.

 

Affected Versions

Palo Alto Networks Cloud NGFW: Palo Alto Networks PAN-OS: Palo Alto Networks Prisma Access: