Description
A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet.
Published: 2026-05-13
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A denial of service vulnerability exists in Palo Alto Networks Prisma SD‑WAN ION that allows an unauthenticated attacker on an adjacent network to send a specially crafted IPv6 packet and trigger a system disruption. The flaw stems from unchecked input validation of IPv6 packet headers, which can cause an internal component to fail or restart without leading to code execution or data exposure. The impact is limited to service interruption and does not compromise confidentiality or integrity.

Affected Systems

The issue affects Prisma SD‑WAN ION devices running versions 6.5.1 through 6.5.3, 6.4.1 through 6.4.3, and 6.3.1 through 6.3.6. Versions 6.1 and 5.6 are not impacted. To remediate, users of the affected builds should upgrade to the specified patch levels (6.5.3‑b15 or later, 6.4.3‑b8 or later, or 6.3.6‑b10 or later).

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is an unauthenticated attacker in the local network adjacent to the SD‑WAN ION device. Exploitation requires only the ability to send malformed IPv6 packets and does not require elevated privileges or complex conditions, making it a moderate but realistic threat to availability.

Generated by OpenCVE AI on May 13, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Prisma SD‑WAN ION to the vendor‑recommended patch levels (6.5.3‑b15 or later, 6.4.3‑b8 or later, or 6.3.6‑b10 or later).
  • If upgrade is not possible, disable IPv6 functionality on the device to prevent the vulnerability from being accessed.
  • Limit the device’s exposure by segmenting it from untrusted networks and applying firewall rules to block malformed IPv6 traffic.

Generated by OpenCVE AI on May 13, 2026 at 21:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 20:00:00 +0000

Type Values Removed Values Added
Description A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet.
Title Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through IPv6 Crafted Packet
First Time appeared Palo Alto Networks
Palo Alto Networks prisma Sd-wan Ion
Weaknesses CWE-606
CPEs cpe:2.3:h:palo_alto_networks:prisma_sd-wan_ion:*:*:*:*:*:*:*:*
Vendors & Products Palo Alto Networks
Palo Alto Networks prisma Sd-wan Ion
References
Metrics cvssV4_0

{'score': 4.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:U/AU:Y/R:U/V:D/RE:M/U:Amber'}

Subscriptions

Palo Alto Networks Prisma Sd-wan Ion
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-05-14T10:48:23.055Z

Reserved: 2025-11-03T20:44:03.984Z

Link: CVE-2026-0243

cve-icon Vulnrichment

Updated: 2026-05-14T10:48:17.919Z

cve-icon NVD

Status : Received

Published: 2026-05-13T20:16:18.043

Modified: 2026-05-13T20:16:18.043

Link: CVE-2026-0243

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T23:00:07Z

Weaknesses