Palo Alto PAN-OS
Palo Alto Networks · Network / Security
0/100 Critical · exploited
Summary
Plain-English security verdict for Palo Alto PAN-OS, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Palo Alto PAN-OS currently scores 0/100 — critical, with active exploitation. 14 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2024-3400. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend
New CVEs published for Palo Alto PAN-OS each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Bar chart: one bar per year, '19 to '26]
⚠ 5 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2024-3400 CRITICAL ● exploited ⚠ ransomware Improper input validation EPSS 94% → see advisory
CVE-2024-0012 CRITICAL ● exploited ⚠ ransomware Missing authentication EPSS 94% → see advisory
CVE-2024-9474 HIGH ● exploited ⚠ ransomware OS command injection EPSS 94% → fixed in 11.2.4
CVE-2025-0108 CRITICAL ● exploited Missing authentication EPSS 94% → fixed in 11.2.4
CVE-2017-15944 CRITICAL ● exploited Improper input validation EPSS 94% → fixed in 8.0.6
CVE-2016-5195 HIGH ● exploited CWE-362 EPSS 94% → fixed in 7.1.8
CVE-2019-1579 HIGH ● exploited ⚠ ransomware CWE-134 EPSS 93% → fixed in 8.1.3
CVE-2024-3393 HIGH ● exploited CWE-754 EPSS 80% → fixed in 11.2.3
CVE-2026-0257 CRITICAL ● exploited CWE-565 EPSS 59% → fixed in 10.2.7
CVE-2018-14634 HIGH ● exploited Integer overflow EPSS 21% → fixed in 8.1.7
CVE-2020-2021 CRITICAL ● exploited ⚠ ransomware CWE-347 EPSS 19% → fixed in 9.1.3
CVE-2026-0300 CRITICAL ● exploited Out-of-bounds write EPSS 5% → see advisory

ℹ lifecycle unknown — needs latest supported version