PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)

Plan Patch | CVSS 8.5 | CVE-2026-0272 | Jun 10, 2026
Palo Alto Networks
IT in OT - Palo Alto firewalls are commonly deployed at IT/OT network boundaries
Summary

A privilege escalation vulnerability in PAN-OS and Prisma Access allows an authenticated administrator with CLI access to execute commands with root privileges, bypassing normal role-based access controls. The vulnerability affects PAN-OS on PA-Series and VM-Series firewalls and Panorama systems. Cloud NGFW and Prisma Access cloud platform are not impacted. The risk is minimized when CLI access is restricted to a limited group of administrators and management interface access is limited to trusted internal IP addresses.

What this means
What could happen
An authenticated administrator with CLI access could escalate their privileges to root and perform unrestricted actions on the firewall, potentially altering security policies, routing, or blocking legitimate traffic that the device is protecting.
Who's at risk
Palo Alto Networks firewall administrators managing PA-Series, VM-Series, or Panorama devices. Organizations using PAN-OS or Prisma Access for network security should review their management access controls to limit exposure, particularly for utilities and critical infrastructure where firewall misconfigurations could disrupt network segmentation protecting operational systems.
How it could be exploited
An attacker with valid administrator credentials and access to the CLI could issue commands that execute with root-level privileges, bypassing normal administrative role-based access controls.
Prerequisites
  • Valid administrator credentials for the firewall
  • Network access to the firewall management interface (typically port 443 or SSH port 22)
  • Ability to authenticate to the CLI
Risk factors
  • Requires valid administrator credentials (internal threat)
  • Access to management interface needed
  • Low complexity exploitation
  • Affects security appliance with access to critical network segments
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (6)
6 with fix
Product         Affected Versions    Fix Status
PAN-OS          Below 12.1.4-h7      12.1.4-h7+
PAN-OS          Below 12.1.5         12.1.5+
Prisma Access   Below 11.2.4-h18     11.2.4-h18+
Prisma Access   Below 11.2.7-h16     11.2.7-h16+
Prisma Access   Below 11.2.10-h9     11.2.10-h9+
Prisma Access   Below 11.2.11        11.2.11+
Remediation & Mitigation
Do now
  • HARDENING: Restrict management interface access to trusted internal IP addresses only using access control rules or firewall rules on upstream network devices
  • HARDENING: Limit CLI access to a minimal set of trusted administrators and review administrator accounts regularly
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

PAN-OS
  • HOTFIX: Update PAN-OS to version 12.1.4-h7 or later (12.1.x branch) or version 12.1.5 or later (newer branches)
Prisma Access
  • HOTFIX: Update Prisma Access to version 11.2.4-h18 or later, 11.2.7-h16 or later, 11.2.10-h9 or later, or 11.2.11 or later depending on your current branch
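
To triage an inventory against the fix table above, the following added example (not code from Palo Alto Networks or from this advisory) classifies each device version as fixed, affected, or not listed. It assumes that a hotfix such as 12.1.4-h7 only covers its own maintenance release and that every release at or above the newest listed one carries the fix; the hostnames and inventory are constructed.

```python
import re

# Fixed releases copied from the advisory's "Affected products" table.
FIXES = {
    "PAN-OS": ["12.1.4-h7", "12.1.5"],
    "Prisma Access": ["11.2.4-h18", "11.2.7-h16", "11.2.10-h9", "11.2.11"],
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """'12.1.4-h7' -> ((12, 1, 4), 7); a release without a hotfix gets 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint)), int(hotfix or 0)

def status(product, version):
    """Return 'fixed', 'affected' or 'not-listed' for one device."""
    release, hotfix = parse(version)
    fixes = [parse(v) for v in FIXES[product]]
    # The table covers only some release trains (major.minor); never guess about others.
    if release[:2] not in {r[:2] for r, _ in fixes}:
        return "not-listed"
    for fix_release, fix_hotfix in fixes:
        # Assumption: a hotfix only covers its own maintenance release.
        if release == fix_release and hotfix >= fix_hotfix:
            return "fixed"
    # Assumption: anything at or above the newest listed release carries the fix.
    if (release, hotfix) >= max(fixes):
        return "fixed"
    return "affected"

# Constructed inventory for illustration; hostnames are hypothetical.
INVENTORY = [
    ("fw-edge-01", "PAN-OS", "12.1.4-h3"),
    ("fw-edge-02", "PAN-OS", "12.1.5"),
    ("fw-plant-01", "PAN-OS", "11.1.6"),
    ("pa-tenant-01", "Prisma Access", "11.2.8"),
]

def audit(inventory):
    """Map each hostname to its status."""
    return {host: status(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

A "not-listed" result means the table above says nothing about that release train, so check the vendor advisory for it rather than treating the device as safe.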
Long-term hardening
  • HARDENING: Implement multi-factor authentication for management interface access if available