PAN-OS Improper Cert Validation Lets Windows TS Agents Use Expired Certs
CVE-2026-0228 Published on February 11, 2026
PAN-OS: Improper Validation of Terminal Server Agent Certificate
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Timeline
Initial Publication
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2026-0228
stack.watch emails you whenever new vulnerabilities are published in Palo Alto Networks PAN-OS or Palo Alto Networks Prisma Access. Just hit a watch button to start following.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 12.1.0 and below 11.2.8 is unaffected.
- Version 11.2.0 and below 11.2.8 is affected.
- Version 11.1.0 and below 11.1.11 is affected.
- Version 10.2.0 and below 10.2.17 is affected.
- Version 10.2.0 and below 10.2.10-h28 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.