Palo Alto Networks has issued security updates to address a high-severity denial-of-service (DoS) vulnerability affecting its GlobalProtect Gateway and Portal products, warning that the flaw can be exploited without authentication to disrupt firewall operations.
The vulnerability, tracked as CVE-2026-0227 and assigned a CVSS score of 7.7, stems from improper handling of exceptional conditions in PAN-OS software. According to the company, a remote attacker can repeatedly trigger the flaw to force a firewall into maintenance mode, effectively rendering it unavailable.
In a security advisory released this week, Palo Alto Networks confirmed that the issue impacts systems where GlobalProtect is enabled. The flaw was discovered and responsibly disclosed by an external security researcher, and a proof-of-concept exploit is known to exist.
Affected Products and Versions
The vulnerability affects multiple supported releases of PAN-OS and Prisma Access, including:
- PAN-OS 12.1: versions earlier than 12.1.3-h3 and 12.1.4
- PAN-OS 11.2: versions earlier than 11.2.4-h15, 11.2.7-h8, and 11.2.10-h2
- PAN-OS 11.1: versions earlier than 11.1.4-h27, 11.1.6-h23, and 11.1.10-h9
- PAN-OS 10.2: versions earlier than 10.2.7-h32, 10.2.10-h30, 10.2.13-h18, and 10.2.16-h6
- PAN-OS 10.1: versions earlier than 10.1.14-h20
- Prisma Access 11.2: versions earlier than 11.2.7-h8
- Prisma Access 10.2: versions earlier than 10.2.10-h29
Palo Alto Networks emphasized that its Cloud Next-Generation Firewall (NGFW) offerings are not affected. The issue applies only to on-premises PAN-OS NGFW and Prisma Access environments with an active GlobalProtect gateway or portal.
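For triaging an inventory against the list above, the following added example (not from Palo Alto Networks or the original article) classifies a version string per release branch. It assumes that each listed hotfix build covers only its own maintenance release, that anything at or past the newest listed build in a branch is fixed, and that everything else in a listed branch is affected; whether GlobalProtect is enabled must be checked separately.

```python
import re

# Fixed builds copied from the list above, keyed by (product, major.minor).
FIXED = {
    ("PAN-OS", "12.1"): ["12.1.3-h3", "12.1.4"],
    ("PAN-OS", "11.2"): ["11.2.4-h15", "11.2.7-h8", "11.2.10-h2"],
    ("PAN-OS", "11.1"): ["11.1.4-h27", "11.1.6-h23", "11.1.10-h9"],
    ("PAN-OS", "10.2"): ["10.2.7-h32", "10.2.10-h30", "10.2.13-h18", "10.2.16-h6"],
    ("PAN-OS", "10.1"): ["10.1.14-h20"],
    ("Prisma Access", "11.2"): ["11.2.7-h8"],
    ("Prisma Access", "10.2"): ["10.2.10-h29"],
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, maintenance, hotfix); a missing -hN counts as 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def status(product, version):
    """Classify a build as 'fixed', 'affected' or 'not-listed'."""
    v = parse(version)
    listed = FIXED.get((product, f"{v[0]}.{v[1]}"))
    if listed is None:
        return "not-listed"  # branch does not appear in the article's list
    fixes = sorted(parse(f) for f in listed)
    # Assumption: at or past the newest listed build in the branch is fixed.
    if v >= fixes[-1]:
        return "fixed"
    # Assumption: a hotfix build only covers its own maintenance release.
    if any(v[:3] == f[:3] and v[3] >= f[3] for f in fixes):
        return "fixed"
    return "affected"  # conservative default inside a listed branch


def triage(inventory):
    """Map each (host, product, version) row to its status."""
    return {host: status(product, ver) for host, product, ver in inventory}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [("fw-edge-01", "PAN-OS", "11.2.7-h7"),
          ("fw-edge-02", "PAN-OS", "11.2.5"),
          ("fw-dc-01", "PAN-OS", "12.1.4"),
          ("pa-tenant", "Prisma Access", "10.2.10-h29")]
```

Builds in a branch that falls between two listed maintenance releases (for example 11.2.5) are reported as affected because the list names no fixed build for them.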
No Workarounds Available
At present, Palo Alto Networks has not identified any configuration-based mitigations or workarounds. Applying the relevant security updates is the only effective way to remediate the vulnerability.
While the company stated there is no evidence of active exploitation in real-world attacks, the disclosure comes amid ongoing scanning activity targeting exposed GlobalProtect gateways. Security teams are therefore urged to prioritize patching to reduce potential risk.
Organizations using affected versions of PAN-OS or Prisma Access should review their deployments promptly and apply the recommended updates to maintain service availability and resilience against denial-of-service attacks.