A critical security flaw has been discovered in Palo Alto Networks' firewall software, PAN-OS, which could disrupt the operations of many organizations. This vulnerability, tracked as CVE-2026-0227, allows unauthenticated attackers to launch a denial-of-service (DoS) attack on GlobalProtect gateways and portals. With a high severity rating of 7.7 on the CVSS v4.0 scale, this issue is a serious concern for network administrators.
The flaw arises from the firewall's inability to properly handle unusual conditions, forcing it into maintenance mode after repeated attacks. This vulnerability is exploitable over the network with low complexity, requiring no special privileges or user interaction, making it an attractive target for automated attacks.
Published on January 14, 2026, this issue affects multiple versions of PAN-OS but not the Cloud NGFW. The vulnerability aligns with CWE-754 and CAPEC-210, impacting product availability but leaving confidentiality and integrity relatively untouched.
Palo Alto Networks has acknowledged the existence of proof-of-concept code (Exploit Maturity: POC) but has not detected any active malicious exploitation. However, organizations with GlobalProtect gateways or portals activated on PAN-OS next-generation firewalls (NGFW) or Prisma Access are at risk.
The vulnerability affects both legacy and current PAN-OS branches, with specific affected and unaffected versions listed below. Administrators are urged to upgrade immediately, as there are no known workarounds, and the recovery process is rated as moderate effort. Suggested upgrades include the latest hotfixes, such as PAN-OS 12.1.4 or 11.2.10-h2.
An external researcher is credited with disclosing this vulnerability, and community discussions suggest recent scanning activity may be probing for this flaw. Organizations are advised to verify their configurations through Palo Alto's support portal and monitor for DoS attempts while the proof-of-concept code is available.