A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.

The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).

Cloud NGFW and Prisma® Access are not impacted by this vulnerability.

Project Subscriptions

Vendors Products
Palo Alto Networks Subscribe
Cloud Ngfw Subscribe
Prisma Access Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 09 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Palo Alto Networks cloud Ngfw
Palo Alto Networks prisma Access
Vendors & Products Palo Alto Networks cloud Ngfw
Palo Alto Networks prisma Access

Thu, 09 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 19:15:00 +0000

Type Values Removed Values Added
Description A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
Title PAN-OS: File Deletion Vulnerability in Management Web Interface
First Time appeared Palo Alto Networks
Palo Alto Networks pan-os
Weaknesses CWE-20
CPEs cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:*:*:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks pan-os
References
Metrics cvssV4_0

{'score': 1.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-07-09T19:24:40.688Z

Reserved: 2025-11-03T20:44:41.184Z

Link: CVE-2026-0282

cve-icon Vulnrichment

Updated: 2026-07-09T19:24:37.377Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T20:30:04Z

Weaknesses