Palo Alto patches a worrying security issue which could crash your firewall without even logging in

News
By published

A high-severity flaw was found in GlobalProtect Gateway and Portal

Laptop with warning symbols over the keyboard
(Image credit: Shutterstock)
  • Palo Alto patched CVE-2026-0227, a DoS flaw in GlobalProtect Gateway and Portal
  • Vulnerability could force firewalls into maintenance mode; severity rated 7.7/10
  • Cloud NGFW unaffected; patches required as no workarounds exist, no abuse reported yet

Palo Alto says it has fixed a high-severity vulnerability in some of its products that allowed malicious actors to run Denial of Service (DoS) attacks and place the compromised instances in maintenance mode.

In a security advisory, the cybersecurity company said it discovered a denial-of-service vulnerability in GlobalProtect Gateway and Portal. GlobalProtect is the company’s remote access VPN system, with Portal and Gateway being its main two components.

The vulnerability is now tracked as CVE-2026-0227 and was given a severity score of 7.7/10 (high).

Vulnerable versions and workarounds

“A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall,” the advisory reads. “Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.”

Here is the full list of all affected versions of the product:

PAN-OS 12.1 < 12.1.3-h3, < 12.1.4

PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2

PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13

PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1

PAN-OS 10.1 < 10.1.14-h20

Prisma Access 11.2 < 11.2.7-h8

Prisma Access 10.2 < 10.2.10-h29

Palo Alto also said that the vulnerability can only be exploited on PAN-OS NGFW or Prisma Access configurations, with an enabled GlobalProtect Gateway, or Portal.

Its Cloud Next-Generation Firewall (NGFW) is not impacted, and right now, there are no known workarounds to mitigate the flaw. The only way to address the issue is to apply the provided patch.

“We have successfully completed the Prisma Access upgrade for most of the customers, with the exception of few in progress due to conflicting upgrade schedules,” the company added. “Remaining customers are being promptly scheduled for an upgrade through our standard upgrade process.”

There is no evidence of abuse in the wild at this time.

Via The Hacker News

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.