- Palo Alto patched CVE-2026-0227, a DoS vulnerability in GlobalProtect Gateway and Portal
- Vulnerability can force firewalls into maintenance mode; severity rated at 7.7/10
- Cloud NGFW unaffected; patches required as no workarounds exist and no exploits have been reported yet
Palo Alto says it has fixed a high-severity vulnerability in some of its products that allowed malicious actors to run denial-of-service (DoS) attacks and force the affected instances into maintenance mode.
In a security advisory, the cybersecurity firm said it discovered a denial-of-service vulnerability in the GlobalProtect Gateway and Portal. GlobalProtect is the company’s remote-access VPN system, and Portal and Gateway are its two most important components.
The vulnerability is now tracked as CVE-2026-0227 and received a severity score of 7.7/10 (high).
Vulnerable versions and workarounds
“A vulnerability in Palo Alto Networks’ PAN-OS software allows an unauthorized attacker to cause a denial of service (DoS) attack to the firewall,” the advisory reads. “Repeated attempts to trigger this issue result in the firewall entering maintenance mode.”
Here is the full list of all affected versions of the product:
PAN-OS 12.1 < 12.1.3-h3, < 12.1.4
PAN-OS 11.2 < 11.2.4-t15, < 11.2.7-t8, < 11.2.10-t2
PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13
PAN-OS 10.2 < 10.2.7-t32, < 10.2.10-t30, < 10.2.13-t18, < 10.2.16-t6, < 10.2.18-t1
PAN-OS 10.1 < 10.1.14-h20
Prisma Access 11.2 < 11.2.7-h8
Prisma Access 10.2 < 10.2.10-t29
Palo Alto also said the vulnerability can only be exploited on PAN-OS NGFW or Prisma Access configurations with an enabled GlobalProtect Gateway or Portal.
Its Cloud Next-Generation Firewall (NGFW) is not affected, and right now there are no known workarounds for the bug. The only way to fix the problem is to apply the supplied patch.
“We have successfully completed the Prisma Access upgrade for most of the customers, with the exception of a few due to conflicting upgrade schedules,” the company added. “Remaining customers will be immediately scheduled for an upgrade through our standard upgrade process.”
There is no evidence of abuse in the wild at this time.
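As an added example (not code from Palo Alto's advisory or from this article), the Python script below classifies PAN-OS build strings against the fixed builds listed above and picks out hosts that run an affected build with GlobalProtect enabled. It assumes each "<" entry is the first fixed build of its maintenance release; the host names and inventory are constructed, and Prisma Access is left out.

```python
import re

# First fixed build per PAN-OS train, copied verbatim from the list above.
# Assumption: each entry is the first fixed build of its maintenance release.
FIXED = {
    "12.1": ["12.1.3-h3", "12.1.4"],
    "11.2": ["11.2.4-t15", "11.2.7-t8", "11.2.10-t2"],
    "11.1": ["11.1.4-h27", "11.1.6-h23", "11.1.10-h9", "11.1.13"],
    "10.2": ["10.2.7-t32", "10.2.10-t30", "10.2.13-t18", "10.2.16-t6", "10.2.18-t1"],
    "10.1": ["10.1.14-h20"],
}
VERSION = re.compile(r"(\d+\.\d+)\.(\d+)(?:-([a-z])(\d+))?$")


def parse(build):
    """Split '11.1.6-h23' into ('11.1', 6, 'h', 23); no suffix gives (None, 0)."""
    m = VERSION.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    train, maint, letter, num = m.groups()
    return train, int(maint), letter, int(num or 0)


def classify(build):
    """Return 'fixed', 'affected' or 'unknown' for one PAN-OS build string."""
    train, maint, letter, num = parse(build)
    if train not in FIXED:
        return "unknown"  # train does not appear in the list
    fixed = [parse(f) for f in FIXED[train]]
    for _, f_maint, f_letter, f_num in fixed:
        if f_letter is None and maint >= f_maint:
            return "fixed"  # at or past a fixed maintenance release
        if f_letter and maint == f_maint and letter == f_letter and num >= f_num:
            return "fixed"  # same maintenance release, suffix build at or past the fix
    if maint > max(f[1] for f in fixed):
        return "unknown"  # newer than anything the list covers
    return "affected"


def patch_first(inventory):
    """Hosts on an affected build with GlobalProtect Portal or Gateway enabled."""
    return [h for h, build, gp in inventory if gp and classify(build) == "affected"]


# Constructed inventory: (hostname, build, GlobalProtect enabled)
SAMPLE = [("fw-edge-1", "11.1.6-h10", True), ("fw-edge-2", "11.1.6-h23", True),
          ("fw-lab", "10.2.9", False), ("fw-dc", "12.1.4", True),
          ("fw-branch", "11.2.11", True)]

if __name__ == "__main__":
    for host, build, gp in SAMPLE:
        print(host, build, classify(build), "GP" if gp else "no-GP")
    print("patch first:", patch_first(SAMPLE))
```

Builds reported as "unknown" are outside what the list covers and should be checked against the vendor advisory directly.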
Via Hacker News



