Volerion logoVolerion
Volerion logoVolerion

Palo Alto Networks WildFire WF-500 and WF-500-B Appliances Arbitrary File Read and Delete Vulnerability

Vulnerability

A vulnerability allowing arbitrary file read and delete actions has been identified in Palo Alto Networks WildFire WF-500 and WF-500-B appliances. This issue arises in the default non-FIPS configuration mode and enables users to access sensitive information and remove arbitrary files. Notably, this vulnerability does not affect customers using the WildFire Public cloud service.

Impact

Exploitation of this vulnerability allows users to read sensitive files and delete files at will on the affected WildFire appliances.

Remediation

Users can upgrade to WildFire WF-500 and WF-500-B version 12.1.7 or later, 11.2.12 or later, or 10.2.18-h6 or later, depending on their current version. For airgapped deployments, it is recommended to restrict access to trusted internal IP addresses. Customers with a Threat Prevention subscription can block attacks targeting this vulnerability by enabling Threat ID 510010, which requires SSL Decryption.

Added: May 13, 2026, 9:00 PM
Updated: May 13, 2026, 9:00 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
5.0
exploitability
4.9
remediation
8.3
relevance
8.2
threat
0.0
urgency
5.7
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.