CVE-2026-0258

EUVD-2026-30105
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.



Panorama, Cloud NGFW and Prisma® Access are not impacted by these vulnerabilities.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensRUGGEDCOM APE1808
𝑥
< *
ADP
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2026-0258
https://cert-portal.siemens.com/productcert/html/ssa-967325.html