2.7

CVE-2026-0282

PAN-OS: File Deletion Vulnerability in Management Web Interface

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.

The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).

Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPalo Alto Networks
Produkt Cloud NGFW
Default Statusunaffected
Version All
Status unaffected
HerstellerPalo Alto Networks
Produkt PAN-OS
Default Statusunaffected
Version 12.1.0
Version < 12.1.8
Status affected
Version 11.2.0
Version < 11.2.13
Status affected
Version 11.1.0
Version < 11.1.16
Status affected
Version 10.2.0
Version < 10.2.18-h8
Status affected
HerstellerPalo Alto Networks
Produkt Prisma Access
Default Statusunaffected
Version All
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.278
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@paloaltonetworks.com 2.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.