Summary
Key Points:
- CVE-2026-0264 is a heap-based buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS, allowing unauthenticated remote code execution on PA-Series hardware.
- The vulnerability can lead to denial of service (DoS) for all PAN-OS platforms except Cloud NGFW and Prisma Access, with a higher risk of arbitrary code execution if the interface is exposed to untrusted networks.
- To mitigate this risk, customers should enable Threat ID 510027 from Applications and Threats content version 9100-10044 and later.
Technical Details: This vulnerability has a CVSS score of 9.2, indicating high severity. Attackers can exploit it by sending specially crafted network traffic to affected PAN-OS firewalls.
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned
Join the discussion — sign up to comment, upvote, and save articles.