PALO ALTO Security Advisory
Published Date: May 16, 2026
CVE: CVE-2026-0258
Advisory Summary
Medium Severity SSRF Vulnerability in PAN-OS IKEv2 Certificate URL Fetching
Palo Alto Networks has disclosed a Medium severity Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2026-0258 affecting PAN-OS. The flaw resides in the IKEv2 certificate URL fetching process, allowing attackers to potentially manipulate internal requests via crafted server responses. This can enable unauthorized access to internal resources or metadata exposure within the security appliance’s network environment.
IT security teams managing Palo Alto firewalls or VPN gateways utilizing IKEv2 certificate authentication should prioritize applying the released patches. Ignoring this vulnerability may expose critical infrastructure to internal network reconnaissance or indirect exploitation paths via trusted components.
- Review the official advisory for impacted PAN-OS versions.
- Deploy the latest security patches released by Palo Alto Networks immediately.
- Monitor firewall logs for unusual internal request patterns.
- Assess internal network segmentation to mitigate lateral movement risks.
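To support the log-monitoring step, a check like the following can flag IKEv2 certificate URL references whose fetch target is an internal address. It is an added example, not Palo Alto Networks code or part of the advisory. It assumes the RFC 7296 Hash-and-URL CERT encodings (12 and 13); the sample payload bodies and the `resolve` hook are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 7296 section 3.6: CERT encodings 12 and 13 carry a 20-octet SHA-1 hash
# followed by a URL, instead of the certificate itself.
HASH_AND_URL = {12, 13}
SHA1_LEN = 20

# Constructed CERT payload bodies (encoding octet + data), not captured traffic.
SAMPLES = [
    bytes([12]) + bytes(SHA1_LEN) + b"http://169.254.169.254/",
    bytes([13]) + bytes(SHA1_LEN) + b"http://10.0.0.5:8080/bundle",
    bytes([12]) + bytes(SHA1_LEN) + b"http://pki.example.com/gw.cer",
    bytes([4]) + b"\x30\x82\x01\x0a",  # inline X.509 fragment, carries no URL
]


def parse_cert_url(body):
    """Return the URL of a Hash-and-URL CERT payload body, else None."""
    if len(body) <= 1 + SHA1_LEN or body[0] not in HASH_AND_URL:
        return None
    return body[1 + SHA1_LEN:].decode("ascii", errors="replace")


def classify(url, resolve=lambda host: []):
    """Reasons the fetch target looks internal ([] = none). resolve is a
    hypothetical hostname -> IP-strings hook for recorded DNS answers."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    for addr in addrs:
        if addr.is_loopback or addr.is_link_local or addr.is_private:
            reasons.append(f"internal destination {addr}")
    return reasons


def audit(bodies, resolve=lambda host: []):
    """Map every URL found in the payload bodies to its list of findings."""
    urls = filter(None, map(parse_cert_url, bodies))
    return {url: classify(url, resolve) for url in urls}
```

Hostnames are only checked when `resolve` supplies addresses for them, so feed it recorded DNS answers from the same time window as the IKE traffic.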
Maintaining prompt patching practices for infrastructure firmware like PAN-OS is essential to ensuring robust security and safeguarding enterprise environments against evolving attack vectors.
Reference: Vendor Advisory