Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical GhostApproval Flaw in Amazon Q, Claude, Cursor Exposes AI Agents
July 9, 2026
Palo Alto Networks Patches Critical PAN-OS Vulnerability CVE-2024-3400 for RCE
July 9, 2026
Accenture Confirms Data Breach, Stolen Source Code
July 9, 2026
Home/CyberSecurity News/Palo Alto Networks Patches Critical PAN-OS Vulnerability CVE-2024-3400 for RCE
CyberSecurity News

Palo Alto Networks Patches Critical PAN-OS Vulnerability CVE-2024-3400 for RCE

Key Takeaways Palo Alto Networks has addressed a critical vulnerability, CVE-2026-0288, in its PAN-OS. The flaw, rated 9.2 CVSS-B, could enable unauthenticated remote code execution or...

Emy Elsamnoudy
Emy Elsamnoudy
July 9, 2026 3 Min Read
3 0

Key Takeaways

  • Palo Alto Networks has addressed a critical vulnerability, CVE-2026-0288, in its PAN-OS.
  • The flaw, rated 9.2 CVSS-B, could enable unauthenticated remote code execution or denial-of-service.
  • Affected systems include various PAN-OS branches and specific Prisma Access versions, but only if the User-ID Terminal Server Agent (TSA) is configured.
  • Patches are available across multiple hotfix branches, and immediate application is strongly recommended.
  • No active exploitation has been observed to date, but the vendor has assigned the highest urgency rating.

Palo Alto Networks PAN-OS Vulnerability Addressed

Palo Alto Networks has issued a critical security advisory concerning a severe vulnerability within its PAN-OS software. The flaw, identified as CVE-2026-0288, has the potential to allow threat actors to execute arbitrary code remotely or trigger a denial-of-service condition without requiring authentication, simply by sending specially crafted network traffic to susceptible devices.

Table Of Content

  • Key Takeaways
  • Palo Alto Networks PAN-OS Vulnerability Addressed
  • Technical Details and Impact
  • Affected Versions
  • Remediation and Mitigation
  • What You Should Do

This high-severity issue has been assigned a CVSS-B score of 9.2 (HIGH, CVSS-BT: 7.2) and has received the highest urgency rating from the vendor. The core problem lies in multiple buffer overflow vulnerabilities within the User-ID Terminal Server Agent (TSA) component of PAN-OS.

Technical Details and Impact

Exploitation of CVE-2026-0288 is possible for an attacker with network access to the TSA IP address and port. No authentication or user interaction is required. Successful exploitation could lead to memory corruption, potentially resulting in remote code execution or a crash of the affected service. It is crucial to note that only devices with at least one Terminal Server Agent entry configured under Device > User Identification > Terminal Server Agents are vulnerable. Panorama appliances are not affected, nor is Cloud NGFW on AWS.

Affected Versions

The vulnerability impacts several PAN-OS branches, including:

  • PAN-OS 12.1: versions prior to 12.1.4-h8, 12.1.7-h2, or 12.1.8
  • PAN-OS 11.2: versions prior to 11.2.4-h20, 11.2.7-h18, 11.2.10-h12, or 11.2.13
  • PAN-OS 11.1: versions prior to 11.1.4-h35 through 11.1.16 (encompassing multiple hotfix branches)
  • PAN-OS 10.2: versions prior to 10.2.7-h36 through 10.2.18-h8
  • Prisma Access 11.2.0 and 10.2.0 (rated MEDIUM severity for Prisma Access due to additional authentication requirements)

Palo Alto Networks notes that the overall risk severity depends significantly on exposure. Devices with TSA exposed to the internet or untrusted networks face the highest severity (CVSS-B 9.2). Conversely, systems where TSA access is restricted to trusted internal IP addresses experience a reduced risk, with a CVSS-B score of 7.7. The vendor has stated that, as of their advisory, they are unaware of any active exploitation attempts targeting this vulnerability.

Remediation and Mitigation

Palo Alto Networks strongly advises organizations to apply patches immediately across all affected branches. Specific fixed versions vary by minor release, and a comprehensive solution table is available in the official advisory. For Prisma Access customers, upgrades will be deployed during scheduled maintenance cycles, though on-demand upgrades can be requested via support channels.

As an immediate interim mitigation strategy, organizations should restrict User-ID Terminal Server Agent connectivity to only trusted internal IP addresses. This aligns with Palo Alto Networks’ best-practice deployment guidelines and significantly reduces the attack surface even before patches are fully applied.

The discovery of this vulnerability is credited to security researcher Liang Zhu. Given the unauthenticated, network-based attack vector, low complexity, and lack of required privileges, organizations with exposed TSA configurations must prioritize patching without delay.

What You Should Do

  • Apply Patches Immediately: Upgrade all affected PAN-OS devices to the specified patched versions as soon as possible. Refer to the official Palo Alto Networks advisory for a complete list of fixed releases.
  • Restrict TSA Access: Ensure that User-ID Terminal Server Agent connectivity is strictly limited to trusted internal IP addresses, adhering to Palo Alto Networks’ best practices.
  • Monitor for Updates: Stay informed on any further advisories or updates from Palo Alto Networks regarding this vulnerability.
  • Review Network Segmentation: Evaluate network segmentation strategies to minimize exposure of critical services like TSA to untrusted networks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Accenture Confirms Data Breach, Stolen Source Code

Next Post

Critical GhostApproval Flaw in Amazon Q, Claude, Cursor Exposes AI Agents

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
PromptSpy Android Malware Leverages Google Gemini for Adaptive Attacks
July 8, 2026
ClickFix Phishing Campaign Targets Mexican Bank Customers With Fake Google Verification
July 8, 2026
Lurking Lizard Malware Creates Proxy Nodes via Fake 7-Zip Installers
July 8, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us