Overview
- The vulnerability, tracked as CVE-2026-0227 with a CVSS score of 7.7, lets unauthenticated attackers trigger a denial of service that repeatedly pushes devices into maintenance mode.
- Only PAN-OS NGFW and Prisma Access setups with the GlobalProtect gateway or portal enabled are affected, and Cloud NGFW is not impacted.
- Palo Alto released fixes for all supported versions, with most Prisma Access cloud instances already upgraded and remaining customers scheduled through the standard process.
- The company reports no evidence of in-the-wild exploitation to date, though it confirms the availability of a proof-of-concept exploit.
- Security researchers note thousands of Palo Alto firewalls are exposed online, and prior campaigns have repeatedly targeted GlobalProtect and PAN-OS devices.