VDB
GCVE-110-NCSC-2026-227
GCVE-110-NCSC-2026-227
Advisory PublishedCVSS 7.5/10
An information disclosure vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to obtain web session tokens if a legitimate user clicks a malicious link, affecting PA-Series, VM-Series firewalls, and Panorama.
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-131Incorrect Calculation of Buffer SizeCWE-524Use of Cache Containing Sensitive InformationCWE-306Missing Authentication for Critical FunctionCWE-918Server-Side Request Forgery (SSRF)CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-787Out-of-bounds Write
Risk Scores
CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Palo Alto Networks | vers:unknown/* | — | — |
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.