Feature/panos CVE 2026 0265 scanner#21610
Open
percx wants to merge 2 commits into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds a new Metasploit auxiliary scanner module for safely detecting
CVE-2026-0265 affecting PAN-OS GlobalProtect portals when Clientless
Application Services (CAS) authentication is enabled.
The module performs a single anonymous request to the GlobalProtect
prelogin endpoint and determines whether a target is affected without
attempting exploitation, authentication bypass, session creation, or
modification of the target.
Detection is based on the public Palo Alto Networks security advisory and
the Bishop Fox CVE-2026-0265 detection utility. The module:
report_vulnThis module is intended as a safe vulnerability detection utility and does
not exploit the vulnerability.
Related Issue:
None
Breaking Changes
None
Reviewer Notes
The module was tested against real PAN-OS systems representing vulnerable,
patched, and non-applicable configurations.
The implementation follows the public vendor advisory decision logic and
the Bishop Fox reference implementation while adapting it to Metasploit's
Auxiliary::Scanner framework.
Verification Steps
Load the module:
Configure the target:
Execute:
Verify expected results:
Vulnerable systems report:
Patched systems report:
Systems with CAS disabled report:
Vulnerable targets are recorded in the Metasploit database.
Test Evidence
Successfully tested against:
Validation completed:
ruby -c)msftidyreport_vuln)Environment
AI Usage Disclosure
OpenAI ChatGPT was used as a development assistant to discuss implementation approaches, review Ruby code, improve documentation, and refine module formatting. The module logic, testing, validation, and final code review were performed by the submitter.
Pre-Submission Checklist
documentation/modules(new modules only)