CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-0288

highCVSS 7.5covered by 5 sourcesfirst seen 2026-07-08
Serial number: AV26-674 Date: July 8, 2026 On July 8, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products: PAN-OS 12.1 – versions prior to 12.1.4-h8 PAN-OS 12.1 – versions prior to 12.1.7-h2 PAN-OS 12.1 – versions prior to 12.1.8 PAN-OS 11.2 – versions prior to 11.2.4-h20 PAN-OS 11.2 – versions prior to 11.2.7-h18 PAN-OS 11.2 – versions prior to 11.2.10-h12 PAN-OS 11.2 – versions prior to 11.2.13 PAN-OS 11.1 – versions prior to 11.1.4-h35 PAN-OS 11.1 – versions prior to 11.1.6-h35 PAN-OS 11.1 – versions prior to 11.1.7.h8 PAN-OS 11.1 – versions prior to 11.1.10-h30 PAN-OS 11.1 – versions prior to 11.1.13-h9 PAN-OS 11.1 – versions prior to 11.1.16 PAN-OS 10.2 – versions prior to 10.2.7-h36 PAN-OS 10.2 – versions prior to 10.2.10-h39 PAN-OS 10.2 – versions prior to 10.2.13-h23 PAN-OS 10.2 – versions prior to 10.2.16-h9 PAN-OS 10.2 – versions prior to 10.2.18-h8 Prisma Access 11.20.0 – versions prior to 11.2.7-h18 Prisma Access 10.2.0 – versions prior to 10.2.10-h39 Prisma Browser – versions prior to 149.10.3.53 The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations, and apply the necessary updates. PAN-SA-2026-0010 Chromium: Monthly Vulnerability Update (July 2026) CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent Palo Alto Network Security Advisories

CSIRTS triage

What
Multiple vulnerabilities exist in Palo Alto products.
Who is affected
Deployments of Palo Alto products are affected.
Urgency
Remediation is necessary due to the potential for exploitation, though the severity is currently unknown.
Action
Consult Palo Alto's security advisories for patches or mitigations.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-0288

Get an email if CVE-2026-0288 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (5)

External references

NVD record for CVE-2026-0288

CVE.org record

Embed the live status

CVE-2026-0288 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-0288 status](https://www.csirts.com/badge/CVE-2026-0288)](https://www.csirts.com/cve/CVE-2026-0288)