Palo Alto Networks has issued a warning to network administrators worldwide after discovering a high-severity vulnerability in its PAN-OS software that could allow attackers to effectively shut down firewalls protecting enterprise networks.
The vulnerability, tracked as CVE-2026-0227, carries a CVSS score of 7.7 and affects the widely used GlobalProtect Gateway and Portal features.
The core of the issue lies in how the software handles specific requests. According to the security advisory, “A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall”.
Unlike typical crashes that might restart a service, this flaw forces the device into a state that requires manual intervention. “Repeated attempts to trigger this issue results in the firewall entering into maintenance mode,” the report states.
When a firewall enters maintenance mode, it stops processing traffic, severing the network connection it was meant to protect. This makes the vulnerability particularly dangerous for organizations relying on GlobalProtect for remote access, as an attacker can disrupt business operations without needing any credentials.
The vulnerability is specific to configurations where a GlobalProtect gateway or portal is enabled. If neither feature is in use, the firewall is not affected.
The flaw spans multiple versions of PAN-OS, including the newest releases:
- PAN-OS 12.1: Versions prior to 12.1.3-h3 and 12.1.4 are affected.
- PAN-OS 11.2: Versions prior to 11.2.7-h8 and 11.2.10-h2 are affected.
- PAN-OS 10.2: Various versions are impacted, requiring updates to 10.2.7-h32, 10.2.10-h30, or 10.2.13-h18 depending on the specific build.
Cloud NGFW deployments are reportedly not affected.
While Palo Alto Networks has confirmed that it is “not aware of any malicious exploitation of this issue” in the wild, the potential for disruption is significant.
Administrators are urged to upgrade to the fixed versions immediately.
- PAN-OS 12.1 users should upgrade to 12.1.4 or later.
- PAN-OS 11.2 users should upgrade to 11.2.10-h2 or later.
- PAN-OS 10.2 users have multiple target versions depending on their current patch level, such as 10.2.18-h1.
For those on older, unsupported versions of PAN-OS, the guidance is blunt: “Upgrade to a supported fixed version”.
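A small inventory check, added here as an example and not code from Palo Alto Networks or the advisory: it parses PAN-OS version strings with their `-hN` hotfix suffix and flags GlobalProtect-enabled firewalls whose version falls short of the fixed releases named above. The fix table, the sample device names and the rule for maintenance releases the article does not list are assumptions to be checked against the vendor advisory.

```python
import re
# Fixed releases named in the article, keyed by PAN-OS train (major, minor):
# maintenance release -> first hotfix carrying the fix (0 = base release itself).
# The vendor advisory, not this table, is the authoritative version matrix.
FIXED = {
    (12, 1): {3: 3, 4: 0},
    (11, 2): {7: 8, 10: 2},
    (10, 2): {7: 32, 10: 30, 13: 18, 18: 1},
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Parse 'major.minor.maint[-hN]' into (major, minor, maint, hotfix)."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def patch_status(version):
    """'fixed', 'affected' or 'verify'. A listed maintenance release is fixed once
    its hotfix reaches the threshold; an unlisted one above the train's newest fix
    is fixed ("or later"), below the oldest fix it is affected, otherwise 'verify'."""
    major, minor, maint, hotfix = parse_version(version)
    train = FIXED.get((major, minor))
    if train is None:
        return "verify"  # train not covered by the article (assumption: check advisory)
    if maint in train:
        return "fixed" if hotfix >= train[maint] else "affected"
    if maint > max(train):
        return "fixed"
    return "affected" if maint < min(train) else "verify"

def assess(inventory):
    """Return (name, status) for devices still needing attention. Each entry has
    'name', 'version' and 'globalprotect' (True when a gateway or portal is enabled)."""
    findings = []
    for device in inventory:
        if not device["globalprotect"]:
            continue  # article: not exposed when neither feature is in use
        status = patch_status(device["version"])
        if status != "fixed":
            findings.append((device["name"], status))
    return findings

SAMPLE = [  # constructed inventory for illustration, not real devices
    {"name": "fw-hq-1", "version": "12.1.3-h1", "globalprotect": True},
    {"name": "fw-hq-2", "version": "12.1.4", "globalprotect": True},
    {"name": "fw-br-1", "version": "10.2.11", "globalprotect": True},
    {"name": "fw-dc-1", "version": "11.2.6", "globalprotect": False},
]
```

Running `assess(SAMPLE)` flags fw-hq-1 as affected and fw-br-1 as a version to verify against the advisory; fw-dc-1 is skipped because GlobalProtect is not enabled on it.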