CVE-2026-0259 MEDIUM

CVE-2026-0259: WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

Vendor Palo Alto Networks
Product WildFire WF-500 and WF-500-B
Weakness CWE-73
Published May 13, 2026
Last update May 13, 2026

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The WildFire Appliance (WF-500, WF-500-B) software update is now available to customers that use the WildFire Appliance (WF-500, WF-500-B) for on-premise sandboxing. Please note that customers using the WildFire Public cloud service are NOT impacted by this vulnerability.

Key dates

02Disclosure timeline

May 13, 2026 CVE published
May 13, 2026 Record updated