Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals.
The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions that force firewalls into maintenance mode after repeated exploitation attempts.
Published on January 14, 2026, the issue affects multiple PAN-OS versions but spares Cloud NGFW entirely.
Palo Alto Networks Firewall Vulnerability
Attackers exploit this over the network with low complexity, no privileges, and no user interaction required, making it automatable and highly feasible.
The vulnerability aligns with CWE-754 (Improper Check for Unusual or Exceptional Conditions) and CAPEC-210 (Abuse Existing Functionality), impacting product availability severely while leaving confidentiality and integrity untouched.
Palo Alto notes proof-of-concept code exists (Exploit Maturity: POC), but no active malicious exploitation has surfaced. Exposure demands GlobalProtect gateway or portal activation on PAN-OS next-generation firewalls (NGFW) or Prisma Access, common in remote access setups.
The vulnerability hits legacy and current PAN-OS branches, with detailed affected and unaffected releases listed below.
ProductAffected VersionsUnaffected VersionsPAN-OS 12.1< 12.1.3-h3, < 12.1.4>= 12.1.3-h3, >= 12.1.4PAN-OS 11.2< 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2>= 11.2.4-h15 (ETA: 1/14/2026), >= 11.2.7-h8, >= 11.2.10-h2PAN-OS 11.1< 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13>= 11.1.4-h27, >= 11.1.6-h23, >= 11.1.10-h9, >= 11.1.13PAN-OS 10.2< 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1>= 10.2.7-h32, >= 10.2.10-h30, >= 10.2.13-h18, >= 10.2.16-h6, >= 10.2.18-h1PAN-OS 10.1< 10.1.14-h20>= 10.1.14-h20Prisma Access 11.2< 11.2.7-h8*>= 11.2.7-h8*Prisma Access 10.2< 10.2.10-h29*>= 10.2.10-h29*
Administrators must upgrade promptly, as no workarounds exist, and response effort rates moderate with user-led recovery. Suggested paths include jumping to the latest hotfixes like PAN-OS 12.1.4 or 11.2.10-h2.
An external researcher receives credit for disclosure. Community discussions highlight recent scanning activity potentially probing this flaw. Organizations should verify configurations via Palo Alto’s support portal and monitor for DoS attempts while the POC is available.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Palo Alto Networks Firewall Vulnerability Allows Unauthenticated Attackers to Trigger Denial of Service appeared first on Cyber Security News.
