CVE-2026-0288 – Palo Alto Networks Cloud NGFW
“A network service exposed beyond trusted boundaries can quickly become an attack path.”
This security update addresses a high-severity buffer overflow vulnerability affecting the User-ID Terminal Server Agent (TSA) component used with Palo Alto Networks Cloud NGFW. An unauthenticated attacker with network access could send specially crafted traffic to trigger a denial-of-service condition or potentially execute arbitrary code. The update eliminates this attack path and strengthens the security of the TSA component.
CVE-2026-0288 has a CVSS score of 7.2, which is High severity. No verified real-world exploitation or public proof-of-concept has been confirmed for this vulnerability. The security risk is significantly reduced when User-ID Terminal Server Agent connectivity is limited to trusted internal IP addresses. Panorama is not affected.
Key Details
- Affected Product
- Paloaltonetworks Pan-os
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-787