SSRF in Palo Alto Networks Cloud Ngfw

CVE-2026-0258

A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a d…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (20.4th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cloud Ngfw — versions All
Palo Alto Networks Pan-os — versions 12.1.0, 11.2.0, 11.1.0
Palo Alto Networks Prisma Access — versions All

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

psirt@paloaltonetworks.com (vendor-advisory)