Palo Alto Firewall Flaw: Attacker Forces Reboot Loop

A critical denial-of-service (DoS) flaw has been identified in Palo Alto Networks’ PAN-OS software. Unauthenticated attackers can exploit this vulnerability to crash firewalls, triggering endless reboot cycles that could cripple enterprise networks.

Dubbed CVE-2026-0229, the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends a maliciously crafted packet to trigger a system reboot.

Repeated exploitation forces the firewall into maintenance mode, halting traffic inspection and exposing organizations to outages. Cloud NGFW and Prisma Access remain unaffected.

Palo Alto Networks detailed the issue in a security advisory, confirming that it affects only specific PAN-OS versions when ADNS is enabled alongside a spyware profile set to block, sinkhole, or alert traffic.

Affected Versions and Fixes

The company urges admins to upgrade vulnerable systems immediately. Older, unsupported PAN-OS versions should migrate to a patched release. No workarounds exist, and Threat Prevention signatures can’t detect exploits due to the vulnerability’s design.

Palo Alto reports no known exploitation in the wild. Still, security experts warn of risks in high-traffic environments. “DoS flaws like this can cascade into major disruptions, especially if chained with other attacks. Organizations relying on Palo Alto for perimeter defense must prioritize patching.

Firewalls with ADNS form a key line of defense against DNS-based threats, making this exposure particularly concerning for enterprises blocking malicious domains. Admins should verify configurations and scan for unpatched systems via Palo Alto’s support portal.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.