Critical PAN-OS IKEv2 Buffer Overflow Allows Unauthenticated Remote Code Execution (CVE-2026-0263)

Palo Alto Networks disclosed CVE-2026-0263, a high-severity buffer overflow in PAN-OS IKEv2 processing that allows unauthenticated network-based attackers to execute arbitrary code with elevated privileges on affected firewalls. The vulnerability affects PAN-OS versions 11.1, 11.2, and 12.1 when IKEv2 VPN tunnels are configured with non-NIST-approved Post Quantum Cryptography ciphers. CVSS v4.0 base score is 7.2 (HIGH). Cloud NGFW, Prisma Access, and PAN-OS 10.2 are not affected. Patches are available with ETA May 28 for some versions. The advisory was published May 13, 2026 with no known active exploitation.