Palo Alto Networks Issues Critical Patch for GlobalProtect DoS Flaw

Palo Alto Networks has issued an urgent security advisory and released critical updates to address a high-severity denial-of-service (DoS) vulnerability impacting its widely used GlobalProtect Gateway and Portal. The flaw, identified as CVE-2026-0227 with a CVSS score of 7.7, poses a significant risk as it can allow an unauthenticated attacker to crash affected firewalls, rendering them inoperable.

Understanding the GlobalProtect DoS Flaw

The vulnerability stems from an “improper check for exceptional conditions” (CWE-754) within the GlobalProtect PAN-OS software. This oversight creates a scenario where a malicious actor can repeatedly trigger the issue without needing any authentication, forcing the firewall into a maintenance mode. Such an attack could severely disrupt network operations and compromise security posture.

In its official advisory, Palo Alto Networks stated: “A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial-of-service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering into maintenance mode.”

Affected Products and Versions

The critical flaw impacts specific versions of PAN-OS software and Prisma Access configurations. Users are strongly advised to review their systems against the following affected versions:

  • PAN-OS 12.1: Versions prior to 12.1.3-h3 and 12.1.4
  • PAN-OS 11.2: Versions prior to 11.2.4-h15, 11.2.7-h8, and 11.2.10-h2
  • PAN-OS 11.1: Versions prior to 11.1.4-h27, 11.1.6-h23, 11.1.10-h9, and 11.1.13
  • PAN-OS 10.2: Versions prior to 10.2.7-h32, 10.2.10-h30, 10.2.13-h18, 10.2.16-h6, and 10.2.18-h1
  • PAN-OS 10.1: Versions prior to 10.1.14-h20
  • Prisma Access 11.2: Versions prior to 11.2.7-h8
  • Prisma Access 10.2: Versions prior to 10.2.10-h29

It is crucial to note that this vulnerability specifically applies to PAN-OS Next-Generation Firewalls (NGFW) or Prisma Access configurations where a GlobalProtect gateway or portal is enabled. Palo Alto Networks has confirmed that its Cloud Next-Generation Firewall (NGFW) offerings are not affected by this particular flaw.
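The version list and the GlobalProtect condition above can be turned into an inventory check. The following Python sketch is an added example, not code from Palo Alto Networks or from the advisory. It assumes that "prior to" means a build is fixed when it is on the same maintenance release as a listed build with an equal or higher hotfix number, or is newer than the highest listed build in its train. The hostnames and inventory rows are constructed.

```python
import re

# Fixed builds copied from the list above, keyed by (major, minor) train.
# Each entry is (maintenance, hotfix); hotfix 0 means the base release.
FIXED = {
    "PAN-OS": {
        (12, 1): [(3, 3), (4, 0)],
        (11, 2): [(4, 15), (7, 8), (10, 2)],
        (11, 1): [(4, 27), (6, 23), (10, 9), (13, 0)],
        (10, 2): [(7, 32), (10, 30), (13, 18), (16, 6), (18, 1)],
        (10, 1): [(14, 20)],
    },
    "Prisma Access": {(11, 2): [(7, 8)], (10, 2): [(10, 29)]},
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Split '11.2.4-h15' into ((11, 2), (4, 15)); a missing hotfix is 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, maint, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (maint, hotfix)

def status(product, version, globalprotect_enabled=True):
    """Return 'fixed', 'affected', 'unlisted' or 'not-applicable'."""
    if not globalprotect_enabled:
        return "not-applicable"  # flaw needs a GlobalProtect gateway or portal
    train, build = parse(version)
    fixes = FIXED[product].get(train)
    if fixes is None:
        return "unlisted"  # train not named above: consult the vendor advisory
    maint, hotfix = build
    if any(maint == fm and hotfix >= fh for fm, fh in fixes):
        return "fixed"
    # Assumption: builds newer than the highest listed fix also carry it.
    return "fixed" if build >= max(fixes) else "affected"

# Constructed inventory: (host, product, version, GlobalProtect enabled)
INVENTORY = [
    ("fw-edge-01", "PAN-OS", "11.2.4-h14", True),
    ("fw-edge-02", "PAN-OS", "11.2.7-h8", True),
    ("fw-core-01", "PAN-OS", "10.2.13-h5", False),
    ("fw-lab-01", "PAN-OS", "11.1.12", True),
    ("prisma-01", "Prisma Access", "10.2.10-h29", True),
]

def needs_patch(inventory):
    return [h for h, prod, ver, gp in inventory if status(prod, ver, gp) == "affected"]
```

A result of "unlisted" means the release train does not appear in the list above, so its exposure has to be confirmed against the vendor advisory rather than inferred.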

Immediate Action Required: Patch Your Systems

While there is currently no evidence of this vulnerability being exploited in the wild, the existence of a proof-of-concept (PoC) exploit underscores the immediate threat. Furthermore, Palo Alto Networks has stated that there are no known workarounds to mitigate the flaw, making patching the only effective solution.

The urgency is amplified by the fact that exposed GlobalProtect gateways have been a frequent target of scanning activity by malicious actors over the past year. This historical context suggests that attackers are actively looking for weaknesses in these systems, making prompt patching an absolute necessity to prevent potential disruptions.

Organizations utilizing affected Palo Alto Networks GlobalProtect configurations should prioritize applying the latest security updates without delay to safeguard their networks against potential denial-of-service attacks.
