CVE-2026-0259
WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing. Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.
| CWE | CWE-73 |
| Vendor | palo alto networks |
| Product | wildfire wf-500 and wf-500-b |
| Published | May 13, 2026 |
| Last Updated | May 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for palo alto networks wildfire wf-500 and wf-500-b
Be the first to know when new unknown vulnerabilities affecting palo alto networks wildfire wf-500 and wf-500-b are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Palo Alto Networks / WildFire WF-500 and WF-500-B
12.1.0 < 12.1.7, 12.1.4-h5 11.2.0 < 11.2.11,11.2.7-h7 11.1.0 < 11.1.13,11.1.10-h8 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34
References
Credits
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.