https://live.paloaltonetworks.com/t5/general-topics/upgrading-from-10-2-9-h1/m-p/1256305#M126594 <P>Hello,</P> <P class="isSelectedEnd"><SPAN>We currently have two PA-3410 firewalls configured in HA, running PAN-OS 10.2.9-h1.</SPAN></P> <P class="isSelectedEnd"><SPAN>We are planning to upgrade to the preferred release PAN-OS 10.2.16-h6. However, after reviewing the security advisories, it appears that this version does not fully mitigate some vulnerabilities, including CVE-2026-0257.</SPAN></P> <P class="isSelectedEnd"><SPAN>Would it be advisable to upgrade directly to PAN-OS 10.2.16-h8 instead of 10.2.16-h6 to ensure all known CVEs are addressed? Has anyone encountered any issues or concerns with 10.2.16-h8 in a production HA environment?</SPAN></P> <P><SPAN>Any recommendations would be appreciated.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks</SPAN></P> Sun, 14 Jun 2026 11:52:04 GMT mmarie 2026-06-14T11:52:04Z https://live.paloaltonetworks.com/t5/general-topics/upgrading-from-10-2-9-h1/m-p/1256305#M126594 <P>Hello,</P> <P class="isSelectedEnd"><SPAN>We currently have two PA-3410 firewalls configured in HA, running PAN-OS 10.2.9-h1.</SPAN></P> <P class="isSelectedEnd"><SPAN>We are planning to upgrade to the preferred release PAN-OS 10.2.16-h6. However, after reviewing the security advisories, it appears that this version does not fully mitigate some vulnerabilities, including CVE-2026-0257.</SPAN></P> <P class="isSelectedEnd"><SPAN>Would it be advisable to upgrade directly to PAN-OS 10.2.16-h8 instead of 10.2.16-h6 to ensure all known CVEs are addressed? Has anyone encountered any issues or concerns with 10.2.16-h8 in a production HA environment?</SPAN></P> <P><SPAN>Any recommendations would be appreciated.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks</SPAN></P> Sun, 14 Jun 2026 11:52:04 GMT https://live.paloaltonetworks.com/t5/general-topics/upgrading-from-10-2-9-h1/m-p/1256305#M126594 mmarie 2026-06-14T11:52:04Z