PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

Description

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Affected Products

Vendor	Product	Versions
Palo Alto Networks	Cloud NGFW	12.1.0, 11.2.0, 11.1.0, 10.2.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
palo alto networks	pan-os	mitre_affected	90%
palo alto networks	prisma access	mitre_affected	90%

References

https://security.paloaltonetworks.com/CVE-2026-0264(vendor-advisory)

Related News (4 articles)

Tier B

BSI Advisories20d ago

[NEU] [hoch] Palo Alto Networks PAN-OS: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR20d ago

Multiples vulnérabilités dans les produits Palo Alto Networks (15 mai 2026)

→ No new info (linked only)

Tier C

VulDB22d ago

CVE-2026-0264 | Palo Alto Cloud NGFW/PAN-OS/Prisma Access DNS Proxy/DNS Server heap-based overflow

→ No new info (linked only)

Tier B

CCCS Canada22d ago

Palo Alto Networks security advisory (AV26-462)

→ No new info (linked only)

CVSS 3.17.5 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available

All12.1.712.1.4-h511.2.1211.2.10-h611.2.7-h1311.2.4-h1711.1.1511.1.13-h511.1.10-h2511.1.7-h611.1.6-h3211.1.4-h3310.2.18-h610.2.16-h710.2.13-h2110.2.10-h3610.2.7-h34

CWECWE-122

PublishedMay 13, 2026

Last enriched22d agov2

Trending Score5

Source articles4

Independent4

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack