Unauthenticated Attacker Can Trap Palo Alto Firewalls in Maintenance Mode Loop (CVE-2026-0229)
Ddos 
Palo Alto Networks has issued a security advisory for a denial-of-service (DoS) vulnerability affecting its PAN-OS software, specifically within the Advanced DNS Security (ADNS) feature. The flaw, tracked as CVE-2026-0229, carries a CVSSv4 score of 6.6 and could allow an unauthenticated attacker to force firewalls into a reboot loop, eventually pushing them into maintenance mode.
The vulnerability highlights the fragility of specialized security features when faced with malformed data. By sending a “maliciously crafted packet,” an attacker can trigger a system crash without ever logging in.
The vulnerability is rooted in how the ADNS feature processes specific network packets. The advisory explains the mechanism of the attack simply: “A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet.”.
While a single reboot might be a nuisance, a persistent attack can lead to a more severe operational failure. “Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode,” the report warns. Once in maintenance mode, the firewall stops processing traffic entirely, effectively severing the network connection it was meant to protect.
Not every Palo Alto Networks firewall is at risk. The vulnerability requires a specific configuration to be exploitable.
- ADNS Enabled: The firewall must have the Advanced DNS Security feature turned on.
- Spyware Profile: It must also have a spyware profile configured with actions set to “block, sinkhole, or alert (i.e., any non-allow value)”.
If these conditions are met, the system is vulnerable. Fortunately, Cloud NGFW and Prisma Access are not impacted by this issue.
Palo Alto Networks has released patches for the affected versions of PAN-OS. Administrators should check their software version and apply the following updates:
- PAN-OS 12.1: Upgrade to 12.1.4 or later (Affected: < 12.1.4).
- PAN-OS 11.2: Upgrade to 11.2.10 or later (Affected: < 11.2.10).
Versions 11.1, 10.2, and Prisma Access are completely unaffected.
Related Posts:
- Palo Alto Networks Investigates Potential Remote Code Execution Vulnerability in PAN-OS
- Palo Alto Networks Warns of XSS Flaw with PoC Exploit Code
- Google lays off its Python team
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
