Palo Alto Networks patched a high-severity vulnerability that would enable unauthenticated attackers to disable firewall protections in denial-of-service (DoS) assaults.
Tracked as CVE-2026-0227, this security flaw impacts next-generation firewalls (working PAN-OS 10.1 or later) and Palo Alto Networks’ Prisma Entry configurations when the GlobalProtect gateway or portal is enabled.
The cybersecurity firm says that almost all cloud-based Prisma Entry situations have already been patched, with these left to be secured already scheduled for an improve.
“A vulnerability in Palo Alto Networks PAN-OS software program permits an unauthenticated attacker to trigger a denial of service (DoS) to the firewall. Repeated makes an attempt to set off this subject leads to the firewall getting into into upkeep mode,” Palo Alto Networks defined.
“We now have efficiently accomplished the Prisma Entry improve for many of the clients, except for few in progress because of conflicting improve schedules. Remaining clients are being promptly scheduled for an improve by means of our normal improve course of.”
Web security watchdog Shadowserver at the moment tracks almost 6,000 Palo Alto Networks firewalls uncovered on-line, although there is no such thing as a data on what number of have susceptible configurations or have already been patched.
When the security advisory was revealed on Wednesday, the corporate mentioned it had but to search out proof that this vulnerability was being exploited in assaults.
Palo Alto Networks has launched security updates for all affected variations, and admins are suggested to improve to the most recent launch to safe their programs towards potential assaults.
| Model | Minor Model | Prompt Answer |
|---|---|---|
| Cloud NGFW All | No motion wanted. | |
| PAN-OS 12.1 | 12.1.0 by means of 12.1.3 | Improve to 12.1.4 or later. |
| PAN-OS 11.2 | 11.2.8 by means of 11.2.10 | Improve to 11.2.10-h2 or later. |
| 11.2.5 by means of 11.2.7 | Improve to 11.2.7-h8 or 11.2.10-h2 or later. | |
| 11.2.0 by means of 11.2.4 | Improve to 11.2.4-h15 or 11.2.10-h2 or later. | |
| PAN-OS 11.1 | 11.1.11 by means of 11.1.12 | Improve to 11.1.13 or later. |
| 11.1.7 by means of 11.1.10 | Improve to 11.1.10-h9 or 11.1.13 later. | |
| 11.1.5 by means of 11.1.6 | Improve to 11.1.6-h23 or 11.1.13 or later. | |
| 11.1.0 by means of 11.1.4 | Improve to 11.1.4-h27 or 11.1.13 or later. | |
| PAN-OS 10.2 | 10.2.17 by means of 10.2.18 | Improve to 10.2.18-h1 or later. |
| 10.2.14 by means of 10.2.16 | Improve to 10.2.16-h6 or 10.2.18-h1 or later. | |
| 10.2.11 by means of 10.2.13 | Improve to 10.2.13-h18 or 10.2.18-h1 or later. | |
| 10.2.8 by means of 10.2.10 | Improve to 10.2.10-h30 or 10.2.18-h1 or later. | |
| 10.2.0 by means of 10.2.7 | Improve to 10.2.7-h32 or 10.2.18-h1 or later. | |
| Unsupported PAN-OS | Improve to a supported mounted model. | |
| Prisma Entry 11.2 | 11.2 by means of | Improve to 11.2.7-h8 or later. |
| Prisma Entry 10.2 | 10.2 by means of | Improve to 10.2.10-h29 or later. |
Palo Alto Networks firewalls are sometimes focused in assaults, incessantly utilizing zero-day vulnerabilities that have not been disclosed or patched.
In November 2024, Palo Alto Networks patched two actively exploited PAN-OS firewall zero-days that enabled attackers to realize root privileges. Shadowserver revealed days later that hundreds of firewalls had been compromised within the marketing campaign (though the corporate mentioned the assaults impacted solely “a really small quantity”), whereas CISA ordered federal companies to safe their units inside 3 weeks.
One month later, in December 2024, the cybersecurity agency warned clients that hackers had been exploiting one other PAN-OS DoS vulnerability (CVE-2024-3393) to focus on PA-Sequence, VM-Sequence, and CN-Sequence firewalls with DNS Safety logging enabled, forcing them to reboot and disable firewall protections.
Quickly after, in February, it mentioned three different flaws (CVE-2025-0111, CVE-2025-0108, and CVE-2024-9474) had been being chained in assaults to compromise PAN-OS firewalls.
Extra not too long ago, menace intelligence firm GreyNoise warned of an automatic marketing campaign concentrating on Palo Alto GlobalProtect portals with brute-force and login makes an attempt from greater than 7,000 IP addresses. GlobalProtect is the VPN and distant entry part of PAN-OS firewalls, utilized by many authorities companies, service suppliers, and enormous enterprises.
Palo Alto Networks’ services are utilized by over 70,000 clients worldwide, together with many of the largest U.S. banks and 90% of Fortune 10 corporations.
It is funds season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, establish rising developments, and examine their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable impression.
