
Palo Alto Firewall Flaw Lets Hackers Trigger DoS Attacks

Summary

– Palo Alto Networks patched a high-severity vulnerability (CVE-2026-0227) that allows unauthenticated attackers to cause a denial-of-service, forcing affected firewalls into maintenance mode.
– The flaw impacts next-generation firewalls running PAN-OS 10.1 or later and Prisma Access configurations when GlobalProtect is enabled, with most cloud instances already updated.
– The company has released security updates for all affected versions and advises administrators to upgrade their systems immediately.
– While nearly 6,000 firewalls are exposed online, there is no evidence this specific vulnerability is currently being exploited in attacks.
– Palo Alto Networks firewalls are frequent targets, with several other critical vulnerabilities having been exploited in recent months, including zero-days and flaws chained in attacks.

A high-severity vulnerability in Palo Alto Networks firewalls could allow attackers to remotely disable these devices, leaving networks unprotected. The company has issued patches for the flaw, identified as CVE-2026-0227, which impacts next-generation firewalls running PAN-OS 10.1 or later. The issue specifically affects systems where the GlobalProtect gateway or portal feature is enabled, including certain Prisma Access configurations. An unauthenticated attacker could exploit this weakness to trigger a denial-of-service condition, forcing the firewall into a maintenance mode that strips away its protective capabilities.

According to the vendor, repeated attempts to trigger this vulnerability result in the firewall entering maintenance mode. While most cloud-based Prisma Access instances have already received the necessary update, a small number remain unpatched due to conflicting upgrade schedules. Those remaining systems are being prioritized for immediate patching through the standard upgrade process. Security researchers currently observe nearly 6,000 Palo Alto firewalls exposed on the public internet, though it is unclear how many run a vulnerable configuration or have been secured. The company stated it has not seen evidence of active exploitation in the wild as of the advisory’s publication.

Administrators are urged to apply security updates immediately to protect their infrastructure. The following upgrade paths are recommended for affected versions:

– PAN-OS 12.1: Upgrade to 12.1.4 or a later release.

This incident is part of a concerning pattern where Palo Alto’s firewall products are frequently targeted. In late 2024, the company addressed two actively exploited zero-day flaws that granted attackers root privileges, leading to compromises of thousands of devices according to external researchers. Shortly after, another denial-of-service vulnerability was weaponized to force firewalls to reboot. Early this year, attackers were observed chaining three separate flaws to breach PAN-OS systems.

Adding to the threat landscape, a recent automated campaign has been targeting GlobalProtect portals with brute-force login attempts originating from over 7,000 IP addresses. Given that Palo Alto Networks secures over 70,000 organizations globally, including a majority of large U.S. financial institutions and 90% of Fortune 10 companies, the widespread impact of such vulnerabilities is significant. Proactive patch management remains the most effective defense against these evolving threats.

(Source: Bleeping Computer)
