CyberSecurity News

Palo Alto Firewall DoS Vulnerability Allows Attackers

Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software. Tracked as CVE-2026-0227, the flaw allows unauthenticated attackers to disrupt GlobalProtect...

Emy Elsamnoudy
Emy Elsamnoudy
January 15, 2026 2 Min Read
2 0

Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software. Tracked as CVE-2026-0227, the flaw allows unauthenticated attackers to disrupt GlobalProtect gateways and portals.

The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions that force firewalls into maintenance mode after repeated exploitation attempts.

Published on January 14, 2026, the issue affects multiple PAN-OS versions but spares Cloud NGFW entirely.​

Palo Alto Networks Firewall Vulnerability

Attackers exploit this over the network with low complexity, no privileges, and no user interaction required, making it automatable and highly feasible.

The vulnerability aligns with CWE-754 (Improper Check for Unusual or Exceptional Conditions) and CAPEC-210 (Abuse Existing Functionality), impacting product availability severely while leaving confidentiality and integrity untouched.

Palo Alto notes proof-of-concept code exists (Exploit Maturity: POC), but no active malicious exploitation has surfaced. Exposure demands GlobalProtect gateway or portal activation on PAN-OS next-generation firewalls (NGFW) or Prisma Access, common in remote access setups.​

The vulnerability hits legacy and current PAN-OS branches, with detailed affected and unaffected releases listed below.

Product Affected Versions Unaffected Versions
PAN-OS 12.1 < 12.1.3-h3, < 12.1.4 >= 12.1.3-h3, >= 12.1.4
PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2 >= 11.2.4-h15 (ETA: 1/14/2026), >= 11.2.7-h8, >= 11.2.10-h2
PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13 >= 11.1.4-h27, >= 11.1.6-h23, >= 11.1.10-h9, >= 11.1.13
PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1 >= 10.2.7-h32, >= 10.2.10-h30, >= 10.2.13-h18, >= 10.2.16-h6, >= 10.2.18-h1
PAN-OS 10.1 < 10.1.14-h20 >= 10.1.14-h20
Prisma Access 11.2 < 11.2.7-h8* >= 11.2.7-h8*
Prisma Access 10.2 < 10.2.10-h29* >= 10.2.10-h29*

Administrators must upgrade promptly, as no workarounds exist, and response effort rates moderate with user-led recovery. Suggested paths include jumping to the latest hotfixes like PAN-OS 12.1.4 or 11.2.10-h2.

An external researcher receives credit for disclosure. Community discussions highlight recent scanning activity potentially probing this flaw. Organizations should verify configurations via Palo Alto’s support portal and monitor for DoS attempts while the POC is available.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts