top of page
Search

Palo Alto Networks Fixes GlobalProtect Flaw Allowing Unauthenticated Denial of Service

  • Jan 15
  • 2 min read

Key Findings


  • Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal.

  • A proof-of-concept (PoC) exploit for the vulnerability exists.

  • The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection.

  • The vulnerability affects multiple versions of Palo Alto Networks' PAN-OS software, including versions across 12.1, 11.2, 11.1, 10.2, and 10.1.

  • Prisma Access 11.2 < 11.2.7-h8 and Prisma Access 10.2 < 10.2.10-h29 are also impacted.

  • The vulnerability does not affect Palo Alto Networks' Cloud Next-Generation Firewall (NGFW).

  • Palo Alto Networks is not aware of any attacks exploiting this vulnerability in the wild at the time of writing.


Background


GlobalProtect is Palo Alto Networks' VPN and secure remote-access solution. It gives users a protected connection to their organization's network by routing their traffic through a Palo Alto firewall, which applies the same security controls used inside the corporate environment.


Vulnerability Details


The vulnerability, described as an improper check for exceptional conditions (CWE-754), allows an unauthenticated attacker to cause a denial-of-service (DoS) condition on the Palo Alto firewall. Repeated attempts to trigger the issue can force the firewall into maintenance mode, disrupting network traffic and firewall protection until administrators intervene.


Affected Versions


The following versions of Palo Alto Networks' PAN-OS software and Prisma Access are affected by the vulnerability:


  • PAN-OS 12.1 < 12.1.3-h3, < 12.1.4

  • PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2

  • PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13

  • PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1

  • PAN-OS 10.1 < 10.1.14-h20

  • Prisma Access 11.2 < 11.2.7-h8

  • Prisma Access 10.2 < 10.2.10-h29


Mitigation and Recommendations


Palo Alto Networks has released security updates to address the vulnerability. Network administrators are advised to update their systems as soon as possible to the patched versions. Since there is a PoC exploit available, it is essential to apply the fixes promptly to prevent potential attacks.


Sources


  • https://securityaffairs.com/186948/hacking/palo-alto-networks-addressed-a-globalprotect-flaw-poc-exists.html

  • https://thehackernews.com/2026/01/palo-alto-fixes-globalprotect-dos-flaw.html

  • https://securityonline.info/palo-alto-networks-firewalls-hit-by-unauthenticated-globalprotect-dos-flaw/

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page