Palo Alto Networks has released a security update to fix a serious vulnerability in its PAN-OS firewall software. The issue affects systems that use the GlobalProtect gateway or portal feature. If left unpatched, the flaw could allow attackers to disrupt firewall operations. The company has confirmed the issue through an official security advisory.
The vulnerability is identified as CVE-2026-0227 and has been rated high severity with a CVSS score of 7.7. This score indicates that the flaw poses a significant risk to affected organizations. The issue allows a denial-of-service condition to occur. Importantly, attackers do not need login credentials to exploit it.
According to Palo Alto, an attacker could send specially crafted network requests to a vulnerable firewall. If these requests are repeated, the firewall may be forced into maintenance mode. In this state, the firewall stops performing its normal security functions. This can cause serious network disruption and loss of protection.
The flaw only affects devices where the GlobalProtect gateway or portal is enabled. Systems that do not use these features are not impacted. Palo Alto also clarified that its Cloud NGFW service is not affected. Prisma Access deployments using GlobalProtect may be vulnerable depending on their version.
Multiple PAN-OS versions are impacted, including several builds across the 10.x, 11.x, and 12.x release branches. Palo Alto has provided fixed versions for each affected branch. Organizations must upgrade to the recommended patched versions. There are currently no alternative mitigation steps available.
Palo Alto stated that there is no evidence of active exploitation at the time of disclosure. However, proof-of-concept techniques exist that demonstrate how the flaw could be abused. Security researchers have observed increased scanning activity targeting GlobalProtect services. This increases the risk for unpatched systems exposed to the internet.
Because Palo Alto firewalls are widely used by enterprises and government organizations, the impact of this vulnerability could be large. Many companies rely on GlobalProtect for secure remote access. A firewall entering maintenance mode could interrupt business operations. This makes timely patching especially important.
Palo Alto Networks strongly recommends that all affected customers apply the security updates as soon as possible. Administrators should review their configurations and confirm whether GlobalProtect is enabled. Keeping firewall software up to date is critical. Prompt action can prevent service disruption and reduce security risks.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
