PAN-OS 11.2
11.2
Os Release
· PAN-OS Series
Is PAN-OS 11.2 still maintained?
For now. Palo Alto maintenance for PAN-OS 11.2 ends on 2027-05-02. Schedule the upgrade before then. See Palo Alto's lifecycle bulletin.
When do security fixes for PAN-OS 11.2 stop?
Engineering fixes for PAN-OS 11.2 — including security patches — stop on 2027-05-02. After that date, a device on this release cannot be patched against newly disclosed vulnerabilities without upgrading, which is the point that matters for KEV exposure and compliance.
What should I upgrade PAN-OS 11.2 to?
Upgrade to a currently maintained Palo Alto release. Check the release-train table on the vendor page for the nearest supported version.
Vendor Security Advisories
Palo Alto's PSIRT lists 13 advisories affecting this release train. Matched to the train's version range from the vendor's own advisory data — a superset of KEV, since PSIRT publishes vulnerabilities before and whether or not they are exploited.
| CVE | Published | Advisory | Severity |
|---|---|---|---|
CVE-2026-0288 |
CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent | High | |
CVE-2026-0287 |
CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing | Medium | |
CVE-2026-0286 |
CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI | Medium | |
CVE-2026-0285 |
CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface | Medium | |
CVE-2026-0284 |
CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) | Medium | |
CVE-2026-0283 |
CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) | Medium | |
CVE-2026-0282 |
CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface | Low | |
CVE-2026-0281 |
CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface | Low | |
CVE-2026-0280 |
CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass | Low | |
CVE-2026-0279 |
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities | Low | |
CVE-2026-0273 |
CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI | Medium | |
CVE-2026-0272 |
CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) | Medium | |
CVE-2026-0269 |
CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing | Medium |
Source: Palo Alto Security Advisories, version-matched to this release train. The RSS advisory window is recent, so this list grows over time and is not the vendor's full historical set — check the vendor PSIRT directly for older advisories.
PAN-OS 11.2 Release Lifecycle
PAN-OS 11.2 is a Palo Alto PAN-OS software release. Releases are maintained on a fixed schedule: Palo Alto ships fixes and security patches until the release reaches end of engineering, after which a device must be upgraded to a maintained release to stay patchable. The dates below are milestones for the software train, not for any specific appliance — hardware running this release has its own separate lifecycle. Palo Alto support for this product is ending soon. The last date of support is . After that date, no further software updates, security patches, or hardware replacements will be provided.
Lifecycle Milestones
| Lifecycle notice published | 2y 3mo ago | |
|---|---|---|
| End of software maintenance | in 9mo | |
| End of security vulnerability support | in 9mo | |
| Last date of support | in 9mo |