Home/Palo Alto/PAN-OS/PAN-OS 12.1

PAN-OS 12.1

SKU 12.1

Palo Alto Os Release · PAN-OS Series

High confidence Official Palo Alto notice ↗ Verified
PAN-OS 12.1 has an announced end-of-sale date. Palo Alto support continues until (+1136d).

Is PAN-OS 12.1 still maintained?

Yes. Palo Alto actively maintains PAN-OS 12.1. See Palo Alto's lifecycle bulletin.

When do security fixes for PAN-OS 12.1 stop?

Engineering fixes for PAN-OS 12.1 — including security patches — stop on 2029-08-28. After that date, a device on this release cannot be patched against newly disclosed vulnerabilities without upgrading, which is the point that matters for KEV exposure and compliance.

What should I upgrade PAN-OS 12.1 to?

Upgrade to a currently maintained Palo Alto release. Check the release-train table on the vendor page for the nearest supported version.

Vendor Security Advisories

Palo Alto's PSIRT lists 13 advisories affecting this release train. Matched to the train's version range from the vendor's own advisory data — a superset of KEV, since PSIRT publishes vulnerabilities before and whether or not they are exploited.

CVE Published Advisory Severity
CVE-2026-0288 CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent High
CVE-2026-0287 CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing Medium
CVE-2026-0286 CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI Medium
CVE-2026-0285 CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface Medium
CVE-2026-0284 CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) Medium
CVE-2026-0283 CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) Medium
CVE-2026-0282 CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface Low
CVE-2026-0281 CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface Low
CVE-2026-0280 CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass Low
CVE-2026-0279 CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities Low
CVE-2026-0273 CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI Medium
CVE-2026-0272 CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) Medium
CVE-2026-0269 CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing Medium

Source: Palo Alto Security Advisories, version-matched to this release train. The RSS advisory window is recent, so this list grows over time and is not the vendor's full historical set — check the vendor PSIRT directly for older advisories.

PAN-OS 12.1 Release Lifecycle

PAN-OS 12.1 is a Palo Alto PAN-OS software release. Releases are maintained on a fixed schedule: Palo Alto ships fixes and security patches until the release reaches end of engineering, after which a device must be upgraded to a maintained release to stay patchable. The dates below are milestones for the software train, not for any specific appliance — hardware running this release has its own separate lifecycle. Vendor support will continue until .

Lifecycle Milestones

Lifecycle notice published 11mo ago
End of software maintenance in 2y 1mo
End of security vulnerability support in 3y 1mo
Last date of support in 3y 1mo

Additional Dates

Extended Support Until in 3y 1mo
Applicable Platforms
↑ Top