Exposures › CVE-2026-0284
Palo Alto Networks PAN-OS suffered a critical unauthenticated XML injection vulnerability in LSVPN that could corrupt satellite data.
CVE-2026-0284 allows an unauthenticated attacker with network access to inject malicious XML into Palo Alto Networks PAN-OS Large Scale VPN, potentially corrupting internal satellite data. DIB orgs must patch PAN-OS immediately to prevent data integrity failures in critical infrastructure, as this is a critical severity vulnerability that could disrupt secure communications.
Shame score — A critical unauthenticated vulnerability in a widely deployed security product that could corrupt satellite data, though not yet actively exploited or linked to ransomware.
An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
No correlated FedRAMP products.