topic I have a question CVE-2026-0256 PAN-OS in VM-Series in the Public Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/i-have-a-question-cve-2026-0256-pan-os/m-p/1254138#M2454 <PRE id="tw-target-text" class="tw-data-text tw-text-large tw-ta" dir="ltr" tabindex="-1" role="text" aria-label="번역된 텍스트: Hello. I have a question regarding this vulnerability. The vulnerability description states that a malicious authenticated administrator could save a payload via XSS. If that is the case, wouldn't the vulnerability itself be fine as long as the Permitted IP is properly configured? However, I do not quite understand why the suggested solution involves changing the service root and resolving the issue through a TP license, so I am asking this question. To put it simply, I would like to ask if I do not need to update the OS if a Public IP is not assigned to the MGT and the Administrator ID is configured correctly." data-ved="2ahUKEwjmr9n16L-UAxVMV-sIHcIXExwQ3ewLegQIDRAV" data-placeholder="번역">&nbsp;</PRE> <P>Hello.</P> <P>I have a question regarding this vulnerability. The vulnerability description states that a malicious authenticated administrator could save a payload via XSS. If that is the case, wouldn't the vulnerability itself be fine as long as the Permitted IP is properly configured? However, I do not quite understand why the suggested solution involves changing the service root and resolving the issue through a TP license, so I am asking this question.</P> <P>To put it simply, I would like to ask if I do not need to update the OS if a Public IP is not assigned to the MGT and the Administrator ID is configured correctly.</P> Sun, 17 May 2026 07:43:28 GMT JiHwanHam 2026-05-17T07:43:28Z I have a question CVE-2026-0256 PAN-OS https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/i-have-a-question-cve-2026-0256-pan-os/m-p/1254138#M2454 <PRE id="tw-target-text" class="tw-data-text tw-text-large tw-ta" dir="ltr" tabindex="-1" role="text" aria-label="번역된 텍스트: Hello. I have a question regarding this vulnerability. The vulnerability description states that a malicious authenticated administrator could save a payload via XSS. If that is the case, wouldn't the vulnerability itself be fine as long as the Permitted IP is properly configured? However, I do not quite understand why the suggested solution involves changing the service root and resolving the issue through a TP license, so I am asking this question. To put it simply, I would like to ask if I do not need to update the OS if a Public IP is not assigned to the MGT and the Administrator ID is configured correctly." data-ved="2ahUKEwjmr9n16L-UAxVMV-sIHcIXExwQ3ewLegQIDRAV" data-placeholder="번역">&nbsp;</PRE> <P>Hello.</P> <P>I have a question regarding this vulnerability. The vulnerability description states that a malicious authenticated administrator could save a payload via XSS. If that is the case, wouldn't the vulnerability itself be fine as long as the Permitted IP is properly configured? However, I do not quite understand why the suggested solution involves changing the service root and resolving the issue through a TP license, so I am asking this question.</P> <P>To put it simply, I would like to ask if I do not need to update the OS if a Public IP is not assigned to the MGT and the Administrator ID is configured correctly.</P> Sun, 17 May 2026 07:43:28 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/i-have-a-question-cve-2026-0256-pan-os/m-p/1254138#M2454 JiHwanHam 2026-05-17T07:43:28Z