PAN-OS DoS via Maintenance Mode Trigger
CVE-2026-0227 Published on January 15, 2026
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.
Timeline
Added 10.2.4-h43 to Prisma Access Fix Versions.
Changed recommended fix version from 11.2.4-h14 to 11.2.4-h15.
Initial Publication
Fixed a broken link and updated the Solutions table. 16 days later.
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2026-0227
stack.watch emails you whenever new vulnerabilities are published in Palo Alto Networks PAN-OS or Palo Alto Networks Prisma Access. Just hit a watch button to start following.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 12.1.2 and below 12.1.4, 12.1.3-h3 is affected.
- Version 11.2.0 and below 11.2.10-h2, 11.2.7-h8, 11.2.4-h15 is affected.
- Version 11.1.0 and below 11.1.13, 11.1.10-h9, 11.1.6-h23, 11.1.4-h27 is affected.
- Version 10.2.0 and below 10.2.18-h1, 10.2.16-h6, 10.2.13-h18, 10.2.10-h30, 10.2.7-h32 is affected.
- Version 10.1.0 and below 10.1.14-h20 is affected.
- Version 11.2 and below 11.2.7-h8 is affected.
- Version 10.2 and below 10.2.10-h29, 10.2.4-h43 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.