Palo Alto Networks has patched a vital denial-of-service vulnerability in its PAN-OS firewall software program, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals.
The flaw carries a CVSS v4.0 base rating of seven.7 (HIGH severity), stemming from improper checks for uncommon situations that power firewalls into upkeep mode after repeated exploitation makes an attempt.
Revealed on January 14, 2026, the problem impacts a number of PAN-OS variations however spares Cloud NGFW totally.
Palo Alto Networks Firewall Vulnerability
Attackers exploit this over the community with low complexity, no privileges, and no consumer interplay required, making it automatable and extremely possible.
The vulnerability aligns with CWE-754 (Improper Test for Uncommon or Distinctive Situations) and CAPEC-210 (Abuse Current Performance), impacting product availability severely whereas leaving confidentiality and integrity untouched.
Palo Alto notes proof-of-concept code exists (Exploit Maturity: POC), however no energetic malicious exploitation has surfaced. Publicity calls for GlobalProtect gateway or portal activation on PAN-OS next-generation firewalls (NGFW) or Prisma Entry, widespread in distant entry setups.
The vulnerability hits legacy and present PAN-OS branches, with detailed affected and unaffected releases listed beneath.
ProductAffected VersionsUnaffected VersionsPAN-OS 12.1< 12.1.3-h3, < 12.1.4>= 12.1.3-h3, >= 12.1.4PAN-OS 11.2< 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2>= 11.2.4-h15 (ETA: 1/14/2026), >= 11.2.7-h8, >= 11.2.10-h2PAN-OS 11.1< 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13>= 11.1.4-h27, >= 11.1.6-h23, >= 11.1.10-h9, >= 11.1.13PAN-OS 10.2< 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1>= 10.2.7-h32, >= 10.2.10-h30, >= 10.2.13-h18, >= 10.2.16-h6, >= 10.2.18-h1PAN-OS 10.1< 10.1.14-h20>= 10.1.14-h20Prisma Entry 11.2< 11.2.7-h8*>= 11.2.7-h8*Prisma Entry 10.2< 10.2.10-h29*>= 10.2.10-h29*
Directors should improve promptly, as no workarounds exist, and response effort charges reasonable with user-led restoration. Advised paths embrace leaping to the newest hotfixes like PAN-OS 12.1.4 or 11.2.10-h2.
An exterior researcher receives credit score for disclosure. Group discussions spotlight current scanning exercise doubtlessly probing this flaw. Organizations ought to confirm configurations through Palo Alto’s assist portal and monitor for DoS makes an attempt whereas the POC is on the market.
Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
