Home/Palo Alto/PAN-OS/PAN-OS 6.1

PAN-OS 6.1

SKU 6.1

Palo Alto Os Release · PAN-OS Series

High confidence Official Palo Alto notice ↗ Verified
PAN-OS 6.1 is dead. Palo Alto support ended (-2824d).

Is PAN-OS 6.1 still maintained?

No. Palo Alto no longer maintains PAN-OS 6.1; support ended 2018-10-25. It receives no fixes of any kind, including security patches. Devices running it are unpatched against any newer vulnerability — plan an upgrade to a maintained release. See Palo Alto's lifecycle bulletin.

When do security fixes for PAN-OS 6.1 stop?

Engineering fixes for PAN-OS 6.1 — including security patches — stop on 2018-10-25. After that date, a device on this release cannot be patched against newly disclosed vulnerabilities without upgrading, which is the point that matters for KEV exposure and compliance.

What should I upgrade PAN-OS 6.1 to?

Upgrade to a currently maintained Palo Alto release. Check the release-train table on the vendor page for the nearest supported version.

What known-exploited CVEs apply to the PAN-OS 6.1 past end of support?

4 CVEs in CISA's Known Exploited Vulnerabilities catalog affect Palo Alto PAN-OS. Because PAN-OS 6.1 is past end of engineering, it will not receive fixes for them — a device left on this release is exploitable with no patch available. Upgrade to a maintained release. See the Known Exploited Vulnerabilities table below for the full list.

Known Exploited Vulnerabilities

This device is past Palo Alto's security-support date. 4 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform it runs. Palo Alto is not issuing patches for this model. Isolate, compensate, or refresh.

CVE KEV added Vulnerability Flags
CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
CVE-2026-0300 Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
CVE-2017-15944 Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
CVE-2019-1579 Palo Alto Networks PAN-OS Remote Code Execution Vulnerability Ransomware

Source: CISA Known Exploited Vulnerabilities catalog. The Ransomware flag reflects CISA's own knownRansomwareCampaignUse field, set when the CVE has been observed in ransomware campaigns per their threat intel. It's not a property of the vulnerability description itself.

Correlation is at the platform level, not per-OS-version. Not exhaustive: KEV only lists actively-exploited CVEs and many relevant unexploited vulnerabilities are not here. Verify against vendor security advisories (PSIRT, JSA, PAN-SA) and NVD before acting. See compensating controls if refresh isn't immediate.

PAN-OS 6.1 Release Lifecycle

PAN-OS 6.1 is a Palo Alto PAN-OS software release. Releases are maintained on a fixed schedule: Palo Alto ships fixes and security patches until the release reaches end of engineering, after which a device must be upgraded to a maintained release to stay patchable. The dates below are milestones for the software train, not for any specific appliance — hardware running this release has its own separate lifecycle. This product has reached end of life as of , meaning Palo Alto no longer provides technical support, software updates, or hardware replacement for this product. Organizations still running the PAN-OS 6.1 should plan a migration .

Lifecycle Milestones

Lifecycle notice published 11y 9mo ago
End of software maintenance 7y 9mo ago
End of security vulnerability support 7y 9mo ago
Last date of support 7y 9mo ago
Applicable Platforms
↑ Top