Auth Bypass in Palo Alto PAN-OS LSVPN
CVE-2026-0283 Published on July 9, 2026
PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)
An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection.
Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Timeline
Initial publication
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2026-0283
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 12.1.0 and below 12.1.8 is affected.
- Version 11.2.0 and below 11.2.13 is affected.
- Version 11.1.0 and below 11.1.16 is affected.
- Version 10.2.0 and below 10.2.18-h8 is affected.
- Version All is unaffected.