05-13-2026 10:50 AM - edited 05-13-2026 10:54 AM
Edit: Palo just published the May 2026 Security Advisories (and an update 50min later) with 3 high severity CVEs. It appears that some of these were also addressed in the just released versions and those to be released on 5/28. Of particular note:
CVE-2026-0263 - Remote Code Execution in IKEv2 Processing
CVE-2026-0264 - Buffer Overflow in DNS Proxy
CVE-2026-0265 - Authentication Bypass with Cloud Authentication (no 10.2.x fixes yet)
05-13-2026 10:17 AM
Yeah, release notes on all the updates yesterday appear to just be that. Seems that documentation hasn't caught up with emergency patches yet. Patches released yesterday (along with more scheduled 5/28) are supposed to be to address critical vulnerability CVE-2026-0300, so guessing more detail wont be available until patches are out and well distributed and the vulnerability details are published.
05-13-2026 10:50 AM - edited 05-13-2026 10:54 AM
Edit: Palo just published the May 2026 Security Advisories (and an update 50min later) with 3 high severity CVEs. It appears that some of these were also addressed in the just released versions and those to be released on 5/28. Of particular note:
CVE-2026-0263 - Remote Code Execution in IKEv2 Processing
CVE-2026-0264 - Buffer Overflow in DNS Proxy
CVE-2026-0265 - Authentication Bypass with Cloud Authentication (no 10.2.x fixes yet)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
