CVE-2026-0288 – Palo Alto Networks Cloud NGFW

CVSS 7.5 IMPORTANT High with EoP or RCE – Expedited Deployment

“A network service exposed beyond trusted boundaries can quickly become an attack path.”

This security update addresses a high-severity buffer overflow vulnerability affecting the User-ID Terminal Server Agent (TSA) component used with Palo Alto Networks Cloud NGFW. An unauthenticated attacker with network access could send specially crafted traffic to trigger a denial-of-service condition or potentially execute arbitrary code. The update eliminates this attack path and strengthens the security of the TSA component.

CVE-2026-0288 has a CVSS score of 7.2, which is High severity. No verified real-world exploitation or public proof-of-concept has been confirmed for this vulnerability. The security risk is significantly reduced when User-ID Terminal Server Agent connectivity is limited to trusted internal IP addresses. Panorama is not affected.

Key Details

Affected Product
Paloaltonetworks Pan-os
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-787
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.