CVE-2026-0256

N/A Unknown

Published: May 13, 2026 Modified: June 09, 2026

Description

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://security.paloaltonetworks.com/CVE-2026-0256

Source: psirt@paloaltonetworks.com

https://cert-portal.siemens.com/productcert/html/ssa-967325.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.3%

20th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2026-58000 8.8

CVE-2026-57999 8.8

CVE-2026-53428 N/A

CVE-2026-53427 N/A

CVE-2026-13757 6.2