Command Injection in Palo Alto Networks PAN-OS

Successful exploitation allows an authenticated administrator to escape intended management-plane restrictions and execute arbitrary operating system commands with root privileges on the affected device. This can result in full compromise of the firewall or Panorama appliance, including complete administrative control over the underlying system and any security, configuration, or operational functions managed by the platform.

Restrict PAN-OS CLI access to a limited group of administrators. Restrict access to the management web interface to trusted internal IP addresses only, consistent with Palo Alto Networks best-practice guidance. The content also recommends using a hardened jump box for firewall management access. Where management traffic is inspectable and decrypted and Threat Prevention is deployed, dedicated Threat IDs may help block exploit attempts.

Upgrade PAN-OS to a vendor-fixed release. Based on the provided content, fixes for CVE-2026-0273 include PAN-OS 12.1.4-h7 and 12.1.7 in the 12.1 train; 11.2.4-h18, 11.2.7-h16, 11.2.10-h9, and 11.2.12 in the 11.2 train; 11.1.4-h34, 11.1.6-h33, 11.1.7-h7, 11.1.10-h27, 11.1.13-h7, and 11.1.15 in the 11.1 train; and 10.2.7-h35, 10.2.10-h37, 10.2.13-h22, 10.2.16-h8, and 10.2.18-h7 in the 10.2 train. Systems on unsupported PAN-OS branches should be upgraded to a supported fixed release.