Palo Alto Networks has issued patches for a high-severity denial-of-service vulnerability in its GlobalProtect software that could allow unauthenticated attackers to disable firewalls. Although no active exploitation has been reported, the company warns that a proof-of-concept exploit code already exists.

Palo Alto Networks recently distributed critical security patches to address a high-severity vulnerability within its PAN-OS software, specifically targeting the GlobalProtect Gateway and Portal components. The flaw, identified as CVE-2026-0227, carries a CVSS score of 7.7 and is classified as a denial-of-service condition. This security gap stems from an improper check for exceptional conditions, which can lead to system instability when triggered by an external source.

According to the company's official advisory, an unauthenticated attacker can exploit this weakness to disrupt firewall operations. If the exploit is triggered repeatedly, the firewall is forced into maintenance mode, effectively cutting off network protections and requiring manual intervention to restore services. This discovery was credited to an external researcher who identified the flaw in several versions of the software.

The vulnerability impacts a wide range of PAN-OS versions, including 10.1, 10.2, 11.1, 11.2, and 12.1, as well as specific versions of Prisma Access. However, the risk is limited to configurations where a GlobalProtect gateway or portal is actively enabled. Palo Alto Networks noted that its Cloud Next-Generation Firewall is not affected by this particular issue, providing some relief for users of that specific platform.

Because there are no known workarounds to mitigate this threat, administrators are urged to apply the official security updates immediately. The company emphasized that while the vulnerability is serious, it only manifests in specific software environments. The release of these updates is intended to close the gap before malicious actors can take advantage of the publicly available proof-of-concept code.

Security experts highlight the importance of timely patching, noting that GlobalProtect gateways are frequently targeted by scanning activity and automated exploitation attempts. While there is currently no evidence that CVE-2026-0227 has been used in real-world attacks, the existence of a functional exploit increases the likelihood of future incidents. Maintaining up-to-date software remains the most effective defense against such infrastructure-level threats.

Source: Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls