
Palo Alto Networks has released a security update for a high-severity security flaw affecting GlobalProtect Gateway and Portal. The company states that a proof-of-concept (PoC) exploit exists for this flaw.
This vulnerability is tracked as CVE-2026-0227 (CVSS score: 7.7) and is described as a denial of service (DoS) condition affecting GlobalProtect PAN-OS software that occurs as a result of improper checking for an exception condition (CWE-754).
“A vulnerability in Palo Alto Networks’ PAN-OS software could allow an unauthenticated attacker to cause a denial of service (DoS) to a firewall,” the company said in an advisory published Wednesday. “Repeated attempts to cause this issue will cause the firewall to enter maintenance mode.”
This issue was discovered and reported by an anonymous external researcher and affects the following versions:
PAN-OS 12.1 < 12.1.3-h3, < 12.1.4
PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2
PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13
PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1
PAN-OS 10.1 < 10.1.14-h20
Prisma Access 11.2 < 11.2.7-h8
Prisma Access 10.2 < 10.2.10-h29

Palo Alto Networks also clarified that this vulnerability only applies to PAN-OS NGFW or Prisma Access configurations with GlobalProtect Gateway or Portal enabled. The company’s cloud next-generation firewall (NGFW) is not affected. There are no workarounds to mitigate this flaw.
Although there is no evidence that this vulnerability has been exploited, it is important to keep your devices up to date, especially given the repeated scanning activity targeting exposed GlobalProtect gateways over the past year.
