PAN-OS ADNS DoS via Malicious Packet Causing System Reboot
CVE-2026-0229 Published on February 11, 2026
PAN-OS: Denial of Service in Advanced DNS Security Feature
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.
Cloud NGFW and Prisma Access® are not impacted by this vulnerability.
Timeline
Initial Publication
Weakness Type
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Products Associated with CVE-2026-0229
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 12.1.0 and below 12.1.4 is affected.
- Version 11.2.0 and below 11.2.10 is affected.
- Version 11.1.0 and below 11.1.11 is unaffected.
- Version 10.2.0 and below 10.2.17 is unaffected.
- Version All and below 10.2.10-h28 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.