Home/Palo Alto/PAN-OS/PAN-OS 10.2

PAN-OS 10.2

SKU 10.2

Palo Alto Os Release · PAN-OS Series

High confidence Official Palo Alto notice ↗ Verified
PAN-OS 10.2 is at risk. Vendor support is ending soon. Palo Alto support ends (+255d).

Is PAN-OS 10.2 still maintained?

For now. Palo Alto maintenance for PAN-OS 10.2 ends on 2027-03-31. Schedule the upgrade before then. See Palo Alto's lifecycle bulletin.

When do security fixes for PAN-OS 10.2 stop?

Engineering fixes for PAN-OS 10.2 — including security patches — stop on 2027-03-31. After that date, a device on this release cannot be patched against newly disclosed vulnerabilities without upgrading, which is the point that matters for KEV exposure and compliance.

What should I upgrade PAN-OS 10.2 to?

Upgrade to a currently maintained Palo Alto release. Check the release-train table on the vendor page for the nearest supported version.

Vendor Security Advisories

Palo Alto's PSIRT lists 13 advisories affecting this release train. Matched to the train's version range from the vendor's own advisory data — a superset of KEV, since PSIRT publishes vulnerabilities before and whether or not they are exploited.

CVE Published Advisory Severity
CVE-2026-0288 CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent High
CVE-2026-0287 CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing Medium
CVE-2026-0286 CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI Medium
CVE-2026-0285 CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface Medium
CVE-2026-0284 CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) Medium
CVE-2026-0283 CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) Medium
CVE-2026-0282 CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface Low
CVE-2026-0281 CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface Low
CVE-2026-0280 CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass Low
CVE-2026-0279 CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities Low
CVE-2026-0273 CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI Medium
CVE-2026-0272 CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) Medium
CVE-2026-0269 CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing Medium

Source: Palo Alto Security Advisories, version-matched to this release train. The RSS advisory window is recent, so this list grows over time and is not the vendor's full historical set — check the vendor PSIRT directly for older advisories.

PAN-OS 10.2 Release Lifecycle

PAN-OS 10.2 is a Palo Alto PAN-OS software release. Releases are maintained on a fixed schedule: Palo Alto ships fixes and security patches until the release reaches end of engineering, after which a device must be upgraded to a maintained release to stay patchable. The dates below are milestones for the software train, not for any specific appliance — hardware running this release has its own separate lifecycle. Palo Alto support for this product is ending soon. The last date of support is . After that date, no further software updates, security patches, or hardware replacements will be provided.

Lifecycle Milestones

Lifecycle notice published 4y 5mo ago
End of software maintenance 11mo ago
End of security vulnerability support in 8mo
Last date of support in 8mo

Additional Dates

Extended Support Until in 8mo
Applicable Platforms
↑ Top