Published on January 15, 2026
CVE-2026-0227 – PAN-OS Firewall DoS in GlobalProtect Gateway and Portal
Severity:
High
Detail
Palo Alto Networks has issued patches to address a critical vulnerability affecting the GlobalProtect Gateway and Portal. Identified as CVE-2026-0227, the flaw impacts next-generation firewalls running PAN-OS 10.1 or newer, as well as Prisma Access deployments where the GlobalProtect gateway or portal is activated.
CVE-ID: CVE-2026-0227
CVSS Score (Severity): 7.7 (High)
Description: A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.
Affected Version
| Versions | Affected | Unaffected |
| Cloud NGFW | None | All |
| PAN-OS 12.1 | < 12.1.3-h3 < 12.1.4 | >= 12.1.3-h3 >= 12.1.4 |
| PAN-OS 11.2 | < 11.2.4-h15 < 11.2.7-h8 < 11.2.10-h2 | >= 11.2.4-h15 (ETA: 1/14/2026) >= 11.2.7-h8 >= 11.2.10-h2 |
| PAN-OS 11.1 | < 11.1.4-h27 < 11.1.6-h23 < 11.1.10-h9 < 11.1.13 | >= 11.1.4-h27 >= 11.1.6-h23 >= 11.1.10-h9 >= 11.1.13 |
| PAN-OS 10.2 | < 10.2.7-h32 < 10.2.10-h30 < 10.2.13-h18 < 10.2.16-h6 < 10.2.18-h1 | >= 10.2.7-h32 >= 10.2.10-h30 >= 10.2.13-h18 >= 10.2.16-h6 >= 10.2.18-h1 |
| PAN-OS 10.1 | < 10.1.14-h20 | >= 10.1.14-h20 |
| Prisma Access 11.2 | < 11.2.7-h8* | >= 11.2.7-h8* |
| Prisma Access 10.2 | < 10.2.10-h29* | >= 10.2.10-h29* |
** Palo Alto Networks have successfully completed the Prisma Access upgrade for most of the customers, with the exception of few in progress due to conflicting upgrade schedules. Remaining customers are being promptly scheduled for an upgrade through our standard upgrade process.
Recommendation
Palo Alto Networks has rolled out security fixes for all impacted versions. While there is no evidence that the vulnerability has been exploited in the wild, Palo Alto Networks urging administrators to update to the latest release to safeguard their systems from potential exploits.
Source
https://security.paloaltonetworks.com/CVE-2026-0227
https://thehackernews.com/2026/01/palo-alto-fixes-globalprotect-dos-flaw.html