
PoC Exploit Released for Palo Alto Networks GlobalProtect DoS Vulnerability


Palo Alto Networks has released security updates for a high-severity flaw impacting GlobalProtect Gateway and Portal. Notably, the company confirmed the existence of a proof-of-concept (PoC) exploit for the issue.

Vulnerability Details

The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), is a denial-of-service (DoS) condition affecting GlobalProtect in PAN-OS software. It stems from an improper check for exceptional conditions (CWE-754).

“A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial-of-service (DoS) to the firewall,” the company said in an advisory released Wednesday. “Repeated attempts to trigger this issue result in the firewall entering into maintenance mode.”

An unnamed external researcher discovered and reported the issue. The vulnerability affects the following versions:

  • PAN-OS 12.1 < 12.1.3-h3, < 12.1.4
  • PAN-OS 11.2 < 11.2.4-h15, < 11.2.7-h8, < 11.2.10-h2
  • PAN-OS 11.1 < 11.1.4-h27, < 11.1.6-h23, < 11.1.10-h9, < 11.1.13
  • PAN-OS 10.2 < 10.2.7-h32, < 10.2.10-h30, < 10.2.13-h18, < 10.2.16-h6, < 10.2.18-h1
  • PAN-OS 10.1 < 10.1.14-h20
  • Prisma Access 11.2 < 11.2.7-h8
  • Prisma Access 10.2 < 10.2.10-h29

Scope and Mitigation

Palo Alto Networks clarified that the vulnerability applies only to PAN-OS NGFW or Prisma Access deployments with an enabled GlobalProtect gateway or portal. The company’s Cloud Next-Generation Firewall (NGFW) is not affected. Palo Alto Networks also confirmed that no workarounds currently mitigate the flaw.

Although researchers have found no evidence of active exploitation in the wild, organizations should prioritize updates. This is especially important because exposed GlobalProtect gateways have experienced repeated scanning activity over the past year.



Source: TheHackerNews
