- Palo Alto patched CVE-2026-0227, a DoS flaw in GlobalProtect Gateway and Portal
- The vulnerability could force firewalls into maintenance mode; severity rated 7.7/10
- Cloud NGFW is not affected; patches are required as there are no workarounds, and no abuse has been reported yet.
Palo Alto says it has fixed a high severity vulnerability in some of its products that allowed malicious actors to execute denial of service (DoS) attacks and place compromised instances into maintenance mode.
In a security advisory, the cybersecurity company said it discovered a denial of service vulnerability in GlobalProtect Gateway and Portal. GlobalProtect is the company’s remote access VPN system, with Portal and Gateway being its two main components.
The vulnerability is now tracked as CVE-2026-0227 and has been assigned a severity score of 7.7/10 (High).
Vulnerable versions and solutions
“A vulnerability in Palo Alto Networks’ PAN-OS software allows an unauthenticated attacker to cause a denial of service (DoS) in the firewall,” the advisory reads. “Repeated attempts to trigger this issue cause the firewall to go into maintenance mode.”
Here is the complete list of all affected versions of the product:
PAN-OS 12.1 < 12.1.3-h3, < 12.1.4
PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2
PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13
PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1
PAN-OS 10.1 < 10.1.14-h20
Prisma Access 11.2 < 11.2.7-h8
Prisma Access 10.2 < 10.2.10-h29
Palo Alto also said that the vulnerability can only be exploited in PAN-OS NGFW or Prisma Access configurations, with a GlobalProtect gateway or portal enabled.
Cloud NGFW, the company's cloud next-generation firewall, is not affected, and at this time there are no known workarounds to mitigate the flaw. The only way to fix the issue is to apply the provided patch.
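The version list above can be turned into an inventory check. The following is an added example, not code from Palo Alto or the advisory: the function names and the sample inventory are constructed for illustration, and the two comparison rules marked as assumptions are one reading of the "< fixed build" notation. It checks the version only, not whether a GlobalProtect gateway or portal is enabled.

```python
import re

# Fixed builds per release train, copied from the affected-versions list above.
# Each entry is (maintenance release, hotfix); no "-hN" suffix means hotfix 0.
FIXED = {
    "PAN-OS": {
        "12.1": [(3, 3), (4, 0)],
        "11.2": [(4, 15), (7, 8), (10, 2)],
        "11.1": [(4, 27), (6, 23), (10, 9), (13, 0)],
        "10.2": [(7, 32), (10, 30), (13, 18), (16, 6), (18, 1)],
        "10.1": [(14, 20)],
    },
    "Prisma Access": {"11.2": [(7, 8)], "10.2": [(10, 29)]},
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def is_affected(product, version):
    """Return True (affected), False (fixed) or None (train not in the list)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    train = f"{m.group(1)}.{m.group(2)}"
    build = (int(m.group(3)), int(m.group(4) or 0))
    fixes = FIXED.get(product, {}).get(train)
    if fixes is None:
        return None
    # Assumption: a listed hotfix only covers its own maintenance release.
    same_line = [f for f in fixes if f[0] == build[0]]
    if same_line:
        return build < same_line[0]
    # Assumption: with no fix on this maintenance release, only builds at or
    # beyond the newest listed fix for the train count as patched.
    return build < max(fixes)

# Constructed inventory for illustration (hostnames and versions are made up).
INVENTORY = [
    ("fw-edge-01", "PAN-OS", "11.1.6-h23"),
    ("fw-edge-02", "PAN-OS", "11.1.6-h7"),
    ("fw-dc-01", "PAN-OS", "10.2.9-h1"),
    ("fw-lab-01", "PAN-OS", "12.1.4"),
]

def needs_patch(inventory):
    """Hosts whose version is affected; unlisted trains (None) are skipped."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]

if __name__ == "__main__":
    print(needs_patch(INVENTORY))
```

Hosts on a train that returns `None` are not in the list above and need to be checked against the advisory separately.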
“We have successfully completed the Prisma Access upgrade for most customers, with the exception of a few in progress due to conflicting upgrade schedules,” the company added. “An upgrade is being immediately scheduled for remaining customers through our standard upgrade process.”
There is no evidence of abuse in the wild at this time.
Via Hacker News




