CVE-2026-0256EPSS p19.5%

CVE-2026-0256CVE-2026-0256

Description

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

Scoring

EPSS0.28% probability of exploitation · percentile 19.5% · 2026-06-19T12:03:05Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-0266
CVE
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
CVE
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
CVE
CVE-2026-0261
CVE
CVE-2026-0273
CVE
CVE-2026-0264
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.