What is CVE-2026-0265?

CVE-2026-0265 is a vulnerability in Palo Alto Networks Cloud Ngfw, classified under Improper Verification of Cryptographic Signature. Published 2026-05-13.

Is CVE-2026-0265 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Palo Alto Networks Cloud Ngfw

CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is high…

EPSS: 0.001 (15.8th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cloud Ngfw — versions All
Palo Alto Networks Pan-os — versions 12.1.0, 11.2.0, 11.1.0
Palo Alto Networks Prisma Access — versions All

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

Public proof-of-concept exploits

References

psirt@paloaltonetworks.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-0265?: CVE-2026-0265 is a vulnerability in Palo Alto Networks Cloud Ngfw, classified under Improper Verification of Cryptographic Signature. Published 2026-05-13.
Is CVE-2026-0265 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.