Palo Alto Networks PAN-OS Authentication Bypass Vulnerability with Cloud Authentication Service Enabled

Vulnerability

An authentication bypass vulnerability has been identified in Palo Alto Networks PAN-OS software. The issue arises when Cloud Authentication Service (CAS) is enabled, and it allows an unauthenticated attacker with network access to bypass authentication controls. The vulnerability is more critical if CAS is active on the management interface, and less so on other login interfaces. Firewalls and Panorama versions prior to 12.1.4-h5, 11.2.4-h17, 11.1.4-h33, and 10.2.4 are affected. Cloud NGFW and Prisma Access are not impacted.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to systems or services that rely on the affected authentication mechanisms.

Remediation

Users can upgrade to PAN-OS 12.1.7 or later, 11.2.12 or later, 11.1.15 or later, or 10.2.18-h6 or later, depending on their current version. For those with a Threat Prevention subscription, Threat ID 510008 can be activated to block potential exploitation.
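One way to check a device inventory against the upgrade targets in the paragraph above; this is an added example, not code from Palo Alto Networks or from this page. The hostnames, sample versions and function names are constructed for illustration, and the check compares only against those four targets.

```python
import re

# Upgrade targets copied from the Remediation paragraph, keyed by release train.
# Value is (maintenance release, hotfix number); 0 means no -hN suffix.
TARGETS = {(12, 1): (7, 0), (11, 2): (12, 0), (11, 1): (15, 0), (10, 2): (18, 6)}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Split 'X.Y.Z' or 'X.Y.Z-hN' into ((major, minor), (maintenance, hotfix))."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    hotfix = int(m[4]) if m[4] else 0
    return (int(m[1]), int(m[2])), (int(m[3]), hotfix)


def meets_upgrade_target(version):
    """True/False against the listed target for this train; None if no target is listed."""
    train, build = parse_panos_version(version)
    target = TARGETS.get(train)
    # Tuple comparison orders 10.2.18 < 10.2.18-h5 < 10.2.18-h6 < 10.2.19.
    return None if target is None else build >= target


def triage(inventory):
    """Map each hostname in a {hostname: version} dict to a status label."""
    labels = {True: "at-target", False: "below-target", None: "unlisted"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[meets_upgrade_target(version)]
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed inventory (hostnames and versions are made up for this example).
# fw-c is below the 11.1.15 target, so it is reported as below-target.
SAMPLE = {"fw-a": "10.2.18-h5", "fw-b": "10.2.18-h6", "fw-c": "11.1.4-h33",
          "pano-1": "12.1.7", "fw-d": "11.0.6", "fw-e": "10.2.19", "fw-f": "n/a"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {SAMPLE[host]:12} {status}")
```

Devices reported as unlisted or unparsed need a manual look, since the page names no upgrade target for their release train.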

Added: May 13, 2026, 7:55 PM
Updated: May 13, 2026, 7:55 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 5.0
exploitability: 6.3
remediation: 8.3
relevance: 8.2
threat: 0.0
urgency: 10.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.