CVE-2026-0227
Published: 2026-01-15
Priority: P3 · 45 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.67% (47.5th percentile)
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering into maintenance mode.
Affected
37 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.14-h20 | 10.1.14-h20 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.18-h1, 10.2.16-h6, 10.2.13-h18, 10.2.10-h30, 10.2.7-h32 | 10.2.18-h1, 10.2.16-h6, 10.2.13-h18, 10.2.10-h30, 10.2.7-h32 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.13, 11.1.10-h9, 11.1.6-h23, 11.1.4-h27 | 11.1.13, 11.1.10-h9, 11.1.6-h23, 11.1.4-h27 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.10-h2, 11.2.7-h8, 11.2.4-h15 | 11.2.10-h2, 11.2.7-h8, 11.2.4-h15 |
| palo_alto_networks | pan-os | >= 12.1.2 < 12.1.4, 12.1.3-h3 | 12.1.4, 12.1.3-h3 |
| palo_alto_networks | prisma_access | >= 10.2 < 10.2.10-h29, 10.2.4-h43 | 10.2.10-h29, 10.2.4-h43 |
| palo_alto_networks | prisma_access | >= 11.2 < 11.2.7-h8 | 11.2.7-h8 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 6.6 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber |
Palo Alto
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
vendor_paloalto·CVSS 6.6
CVE-2026-0227 [MEDIUM] CWE-754 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution:
| Version | Minor version | Suggested solution |
|---|---|---|
| Cloud NGFW | All | No action needed. |
| PAN-OS 12.1 | 12.1.2 through 12.1.3 | Upgrade to 12.1.4 or later. |
| PAN-OS 11.2 | 11.2.8 through 11.2.10 | Upgrade to 11.2.10-h2 or later. |
| | 11.2.5 through 11.2.7 | Upgrade to 11.2.7-h8 or 11.2.10-h2 or later. |
| | 11.2.0 through 11.2.4 | Upgrade to 11.2.4-h15 or 11.2.10-h2 or later. |
| PAN-OS 11.1 | 11.1.11 through 11.1.12 | Upgrade to 11.1.13 or later. |
11.1.7 through 1
GHSA
GHSA-5rqg-fqph-5w7w: A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall
ghsa_unreviewed·2026-01-15
CVE-2026-0227 [MEDIUM] CWE-754 GHSA-5rqg-fqph-5w7w: A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
blogs_bleepingcomputer·2026-01-15·CVSS 6.6
CVE-2026-0227 [MEDIUM] Palo Alto Networks warns of DoS bug letting hackers disable firewalls
## Palo Alto Networks warns of DoS bug letting hackers disable firewalls
By Sergiu Gatlan
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks.
Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks' Prisma Access configurations when the GlobalProtect gateway or portal is enabled.
The cybersecurity company says that most cloud-based Prisma Access instances have already been patched, with those left to be secured already scheduled for an upgrade.
"A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated a
Wiz
CVE-2026-0227 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0227 [HIGH] CVE-2026-0227 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0227: PAN-OS vulnerability analysis and mitigation
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering into maintenance mode.
Source: NVD
Score: 6.6
Published: January 15, 2026
Severity: MEDIUM
CNA Score: 6.6
Affected Technologies: PAN-OS, Panorama Virtual Appliance
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 9.6
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:o:paloaltonetworks:pan-os
Sources: Linux; Severity HIGH; Has Fix; Added at: Jan 15, 2026