VDB

GCVE-110-NCSC-2026-227

GCVE-110-NCSC-2026-227
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published July 13, 2026
An information disclosure vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to obtain web session tokens if a legitimate user clicks a malicious link, affecting PA-Series, VM-Series firewalls, and Panorama.

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-131Incorrect Calculation of Buffer SizeCWE-524Use of Cache Containing Sensitive InformationCWE-306Missing Authentication for Critical FunctionCWE-918Server-Side Request Forgery (SSRF)CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-787Out-of-bounds Write

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
Palo Alto Networksvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›