Palo Alto Networks Addresses Critical DoS Vulnerability in GlobalProtect Software


By Tina Reynolds

Palo Alto Networks has released a security advisory on a newly discovered denial-of-service (DoS) vulnerability. The vulnerability, tracked as CVE-2026-0227, affects its GlobalProtect PAN-OS software. It has been assigned a CVSS score of 7.7, reflecting the high impact it could have on affected systems. Discovered and reported by an external researcher who wishes to remain unnamed, CVE-2026-0227 is a case of a missing check for exceptional conditions.

The vulnerability affects multiple releases of PAN-OS and Prisma Access. The affected PAN-OS versions are 12.1, 11.2, 11.1, 10.2, and 10.1, with subversions detailed in the advisory. Prisma Access versions 11.2 and 10.2 are also affected. On its blog, Palo Alto Networks stressed that the vulnerability applies only to configurations where a GlobalProtect gateway or portal is enabled.

Details of the Vulnerability

CVE-2026-0227 is rated as a denial-of-service issue that enables an unauthenticated attacker to render the firewall inoperable. Palo Alto Networks stated:

“A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial-of-service (DoS) to the firewall.”

This critical vulnerability has not yet been seen exploited in the wild. In the last year, unprotected GlobalProtect gateways have been subject to a huge increase in scanning activity, which indicates that malicious actors are still actively scanning for vulnerabilities.

Affected Versions and Recommendations

Palo Alto Networks' advisory lists the specific PAN-OS versions affected by CVE-2026-0227. For PAN-OS, the vulnerable versions include:

  • 12.1 < 12.1.3-h3, < 12.1.4
  • 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2
  • 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13
  • 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1
  • 10.1 < 10.1.14-h20
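
As an added example (not from Palo Alto Networks or the original article), the PAN-OS thresholds above can be turned into an inventory check. How the several thresholds per train combine is an assumption, stated in the code; `audit`, the hostnames and the sample builds are hypothetical, and a flagged build is only exposed if a GlobalProtect gateway or portal is enabled.

```python
import re

# Thresholds transcribed from the PAN-OS list above, keyed by release train.
FIXED = {
    "12.1": ["12.1.3-h3", "12.1.4"],
    "11.2": ["11.2.4-h15", "11.2.7-h8", "11.2.10-h2"],
    "11.1": ["11.1.4-h27", "11.1.6-h23", "11.1.10-h9", "11.1.13"],
    "10.2": ["10.2.7-h32", "10.2.10-h30", "10.2.13-h18",
             "10.2.16-h6", "10.2.18-h1"],
    "10.1": ["10.1.14-h20"],
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """True if affected, False if fixed, None if the train is not listed.

    Assumed reading of the list (not spelled out on the page): a build is
    fixed when it is at or above the highest threshold of its train, or when
    it shares a maintenance release with a threshold and its hotfix number is
    at or above that threshold's. Everything else on a listed train is affected.
    """
    build = parse(version)
    thresholds = FIXED.get(f"{build[0]}.{build[1]}")
    if thresholds is None:
        return None
    fixed = [parse(t) for t in thresholds]
    if build >= max(fixed):
        return False
    return not any(build[2] == f[2] and build[3] >= f[3] for f in fixed)

def audit(inventory):
    """Return {host: version} for hosts whose build is flagged as affected."""
    return {h: v for h, v in inventory.items() if is_affected(v)}

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {"fw-edge-01": "11.2.7-h7", "fw-edge-02": "11.2.10-h2",
          "fw-dc-01": "10.2.13-h18", "fw-lab-01": "12.1.2"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Builds on trains outside the list return `None` and are not reported by `audit`, so they need to be checked against the advisory separately.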

Palo Alto Networks recommends that users keep their devices up to date in order to properly address this vulnerability.

  • 11.2 < 11.2.7-h8
  • 10.2 < 10.2.10-h29

Running the latest software versions is a key tenet of good cybersecurity hygiene and your best defense against dangerous vulnerabilities such as CVE-2026-0227. Palo Alto Networks has made it clear that this vulnerability applies only to configurations that use GlobalProtect gateways or GlobalProtect portals. This limitation holds for both PAN-OS NGFW and Prisma Access deployments.

Importance of Security Updates

Keeping software up to date is crucial in maintaining cybersecurity hygiene and protecting against potential threats like CVE-2026-0227. Palo Alto Networks has clarified the limited scope of this vulnerability to configurations using GlobalProtect gateways or portals in PAN-OS NGFW or Prisma Access setups.