Cloud ngfw

This hub aggregates every CVE we track for Cloud ngfw, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Cloud ngfw.

• CVE-2026-0273PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI7.2Jun 10, 2026
• CVE-2026-0256PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface5.2May 13, 2026
• CVE-2026-0257PAN-OS: GlobalProtect Authentication Bypass VulnerabilitiesKEV9.1May 13, 2026
• CVE-2026-0258PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching8.2May 13, 2026
• CVE-2026-0261PAN-OS: Authenticated Admin Command Injection Vulnerability7.2May 13, 2026
• CVE-2026-0262PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing7.5May 13, 2026
• CVE-2026-0263PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing9.0May 13, 2026
• CVE-2026-0264PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution9.0May 13, 2026
• CVE-2026-0265PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled9.8May 13, 2026
• CVE-2026-0300PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication PortalKEV9.8May 6, 2026
• CVE-2026-0229PAN-OS: Denial of Service in Advanced DNS Security Feature7.5Feb 11, 2026
• CVE-2026-0228PAN-OS: Improper Validation of Terminal Server Agent Certificate4.3Feb 11, 2026
• CVE-2026-0227PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal7.5Jan 15, 2026
• CVE-2025-4619PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets4.3Nov 13, 2025
• CVE-2025-4615PAN-OS: Improper Neutralization of Input in the Management Web Interface7.2Oct 9, 2025