- Palo Alto patched CVE-2026-0227, a DoS flaw in GlobalProtect Gateway and Portal
- A vulnerability could force firewalls into maintenance mode; severity rated 7.7/10
- Cloud NGFW not affected; fixes required as no workaround exists, no abuse reported yet
Palo Alto says it has fixed a high-severity vulnerability in some of its products that allowed malicious actors to launch denial of service (DoS) attacks and place compromised instances in maintenance mode.
In a security advisory, the cybersecurity company said it discovered a denial of service vulnerability in GlobalProtect Gateway and Portal. GlobalProtect is the company’s remote access VPN system, with Portal and Gateway being its two main components.
The vulnerability is now tracked as CVE-2026-0227 and has received a severity score of 7.7/10 (high).
Vulnerable versions and workarounds
“A vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to cause a denial of service (DoS) on the firewall,” the advisory states. “Repeated attempts to trigger this issue cause the firewall to enter maintenance mode.”
Here is the complete list of all affected versions of the product:
PAN-OS 12.1 < 12.1.3-h3, < 12.1.4
PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2
PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13
PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1
PAN-OS 10.1 < 10.1.14-h20
Prisma Access 11.2 < 11.2.7-h8
Prisma Access 10.2 < 10.2.10-h29
Palo Alto also stated that the vulnerability can only be exploited on PAN-OS NGFW or Prisma Access configurations, with a GlobalProtect gateway or portal enabled.
Its Cloud Next-Generation Firewall (NGFW) is not impacted and, at this time, there are no known workarounds to mitigate the flaw. The only way to resolve the issue is to apply the provided fix.
“We have successfully completed the Prisma Access upgrade for most customers, with the exception of a few in progress due to conflicting upgrade schedules,” the company added. “Remaining customers are quickly scheduled for an upgrade through our standard upgrade process. »
There is currently no evidence of abuse in the wild.
Via Hacker news
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
