PT-2026-2933 · Palo Alto Networks · Palo Alto Pan-Os

Published 2026-01-14 · Updated 2026-01-16

CVE-2026-0227

CVSS v4.0: 6.6

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber

Palo Alto Networks PAN-OS and Prisma Access versions prior to 12.1.3-h3, prior to 12.1.4, prior to 11.2.4-h15, prior to 11.2.7-h8, prior to 11.2.10-h2, prior to 11.1.4-h27, prior to 11.1.6-h23, prior to 11.1.10-h9, prior to 11.1.13, prior to 10.2.7-h32, prior to 10.2.10-h30, prior to 10.2.13-h18, prior to 10.2.16-h6, prior to 10.2.18-h1, prior to 10.1.14-h20, and Prisma Access versions prior to 11.2.7-h8, prior to 10.2.10-h29.

Description

A flaw exists in Palo Alto Networks PAN-OS software and Prisma Access that allows an unauthenticated attacker to cause a denial of service (DoS) condition. Repeated attempts to exploit this issue can force the firewall into maintenance mode, disrupting remote access and perimeter defenses. The vulnerability specifically impacts GlobalProtect gateway and portal configurations and does not affect Cloud Next-Generation Firewalls (NGFW). Proof-of-concept (PoC) exploit code is publicly available. There is no evidence of widespread exploitation at this time, but increased scanning activity targeting exposed GlobalProtect gateways has been observed.

Recommendations

Apply the latest security updates released by Palo Alto Networks to all affected PAN-OS and Prisma Access deployments.
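
To triage an inventory against the PAN-OS version list above, the following is an added example (not code from Palo Alto Networks or from this advisory). It assumes the listed hotfix is the first fixed build of its maintenance release, that unlisted maintenance releases older than the newest listed fix in a train are affected, and that newer ones are fixed; host names are constructed, and Prisma Access is not covered.

```python
import re

# First fixed PAN-OS builds, copied from the "prior to" list in this entry
# and grouped by feature release (the grouping is this example's assumption).
FIXED = {
    "12.1": ["12.1.3-h3", "12.1.4"],
    "11.2": ["11.2.4-h15", "11.2.7-h8", "11.2.10-h2"],
    "11.1": ["11.1.4-h27", "11.1.6-h23", "11.1.10-h9", "11.1.13"],
    "10.2": ["10.2.7-h32", "10.2.10-h30", "10.2.13-h18", "10.2.16-h6", "10.2.18-h1"],
    "10.1": ["10.1.14-h20"],
}

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Split 'X.Y.Z[-hN]' into (major, minor, maintenance, hotfix)."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def status(version):
    """Return 'affected', 'fixed' or 'not-listed' for one PAN-OS version."""
    major, minor, maint, hotfix = parse(version)
    fixes = FIXED.get(f"{major}.{minor}")
    if fixes is None:
        return "not-listed"  # train absent from this entry: check the vendor
    first_fixed = {parse(f)[2]: parse(f)[3] for f in fixes}
    if maint in first_fixed:
        return "fixed" if hotfix >= first_fixed[maint] else "affected"
    # Assumption: no fix listed for this maintenance release, so it is
    # affected unless it is newer than the newest fixed one in the train.
    return "fixed" if maint > max(first_fixed) else "affected"


def triage(inventory):
    """Map each host to its status; unparsable versions are flagged."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = status(version)
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    sample = {"gp-gw-01": "11.2.7-h4", "gp-gw-02": "10.2.18-h1"}  # constructed
    for host, state in triage(sample).items():
        print(host, state)
```

Hosts reported as `not-listed` or `unparsed` need a manual check against the vendor advisory rather than being treated as safe.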

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2026-0227

Affected Products

Palo Alto Pan-Os