Palo Alto Networks Releases Security Advisory for an Authentication Bypass Vulnerability in PAN‑OS

Successful exploitation of CVE-2026-0265 could allow an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled

Threat ID:: CC-4787
Threat Severity:: Medium
Published:: 20 May 2026 3:47 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation of CVE-2026-0265 could allow an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled

Affected platforms

The following platforms are known to be affected:

Palo Alto Networks PAN-OS

PAN-OS 12.1

All prior to 12.1.4-h5
All prior to 12.1.7

PAN-OS 11.2

All prior to 11.2.4-h17
All prior to 11.2.7-h13
All prior to 11.2.10-h6
All prior to 11.2.12

PAN-OS 11.1

All prior to 11.1.4-h33
All prior to 11.1.6-h32
All prior to 11.1.7-h6
All prior to 11.1.10-h25
All prior to 11.1.13-h5
All prior to 11.1.15

PAN-OS 10.2

All prior to 10.2.7-h34
All prior to 10.2.10-h36
All prior to 10.2.13-h21
All prior to 10.2.16-h7
All prior to 10.2.18-h6

Note: PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series) are impacted by this vulnerability.

Note: Prisma Access and Cloud NGFW are not impacted by this vulnerability.

Threat details

Introduction

Palo Alto Networks has released a security advisory to address a vulnerability in the Palo Alto Networks PAN-OS software. Successful exploitation could allow an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.

CVE-2026-0265 - "Authentication Bypass" vulnerability.

Note: The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used.

Technical write up for CVE‑2026‑0265 to follow

Security researchers are intending to release a technical writeup for CVE-2026-0265 in the coming days which is likely to contain a proof-of-concept exploit. The NHS England National CSOC assesses exploitation as highly likely following public disclosure of technical details.

Remediation advice

Affected organisations are encouraged to review the Palo Alto Networks security advisory and apply relevant patches as soon as possible.

Definitive source of threat updates

https://security.paloaltonetworks.com/CVE-2026-0265

CVE Vulnerabilities

Status Published

CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when any other login interfaces are used. The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access® are not impacted by this vulnerability.

Last edited: 20 May 2026 3:47 pm