XSS in Palo Alto Networks Cloud Ngfw

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthen…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References