Palo Alto PAN-OS Buffer Overflow Flaws Could Let Attackers Execute Code
Palo Alto Networks has disclosed multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of PAN-OS. Tracked as CVE-2026-0288, it could allow unauthenticated attac

Palo Alto Networks has disclosed multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of PAN-OS. Tracked as CVE-2026-0288, it could allow unauthenticated attackers to trigger denial-of-service conditions or potentially execute arbitrary code. The vendor has assigned this flaw its HIGHEST urgency rating with a CVSS-B score of 9.2 (CVSS-BT: 7.2, HIGH). […] The post Palo Alto PAN-OS Buffer Overflow Flaws Could Let Attackers Execute Code appeared first on Cyber Security News.
Palo Alto Networks has disclosed multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of PAN-OS. Tracked as CVE-2026-0288, it could allow unauthenticated attackers to trigger denial-of-service conditions or potentially execute arbitrary code. The vendor has assigned this flaw its HIGHEST urgency rating with a CVSS-B score of 9.2 (CVSS-BT: 7.2, HIGH). The flaw stems from a CWE-787 Out-of-bounds Write weakness in how the TSA processes network traffic. An attacker with network access to the TSA IP and port can send specially crafted packets to corrupt memory, without requiring authentication or user interaction. Palo Alto PAN-OS Buffer Overflow Flaws Palo Alto Networks confirmed that Panorama is not impacted, and the issue only affects devices with at least one Terminal Server Agent entry configured under Device > User Identification > Terminal Server Agents. The severity escalates sharply when TSA access is exposed to the internet or untrusted networks (CVSS-B 9.2) versus when restricted to trusted internal segments (CVSS-B 7.7). Prisma Access deployments carry comparatively lower risk since exploitation requires an authenticated user and external TSA access is already restricted. Affected Versions The vulnerability affects PAN-OS 10.2, 11.1, 11.2, and 12.1 branches, as well as Prisma Access 10.2 and 11.2 (rated medium severity for Prisma Access). Cloud NGFW on Azure may be affected unless customers have been directly contacted by Palo Alto Networks; Cloud NGFW on AWS is unaffected. Fixed versions include: PAN-OS 12.1: 12.1.4-h8, 12.1.7-h2, or 12.1.8 and later PAN-OS 11.2: 11.2.4-h20, 11.2.7-h18, 11.2.10-h12, or 11.2.13 and later PAN-OS 11.1: 11.1.4-h35, 11.1.6-h35, 11.1.7-h8, 11.1.10-h30, 11.1.13-h9, or 11.1.16 and later PAN-OS 10.2: 10.2.7-h36, 10.2.10-h39, 10.2.13-h23, 10.2.16-h9, or 10.2.18-h8 and later Prisma Access 11.2/10.2: 11.2.7-h18 or 10.2.10-h39 (via scheduled or on-demand maintenance) Palo Alto Networks states it is not aware of any active exploitation of this vulnerability, and exploit maturity remains unreported. However, given the network attack vector, low complexity, and the lack of required privileges, organizations should prioritize patching. As an interim mitigation, the vendor strongly recommends restricting TSA connectivity to trusted internal IP addresses only, in accordance with its published best-practice deployment guidelines, rather than exposing the TSA IP address and port to untrusted or internet-facing networks. This significantly reduces the attack surface until patches are applied. The vulnerability was discovered and reported externally by security researcher Liang Zhu. Organizations running affected PAN-OS or Prisma Access versions should upgrade immediately, especially where TSA is configured with broader network exposure. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google. The post Palo Alto PAN-OS Buffer Overflow Flaws Could Let Attackers Execute Code appeared first on Cyber Security News.
Join the Discussion
Comments coming soon. Follow us on social media for real-time discussions.


