Ethical Hacking News
Palo Alto Networks has warned of a critical vulnerability that could allow hackers to disable firewall protections in denial-of-service (DoS) attacks. With thousands of firewalls exposed online, this raises significant concerns about the potential for widespread exploitation and compromise. The company has released security updates and advised administrators to upgrade to the latest release to secure their systems.
Palo Alto Networks has issued a critical security warning about a newly discovered vulnerability (CVE-2026-0227) that could allow hackers to disable firewall protections in denial-of-service (DoS) attacks. The vulnerability affects next-generation firewalls running on PAN-OS 10.1 or later, as well as Prisma Access configurations with GlobalProtect gateway or portal enabled. Repeated attempts to trigger this issue can result in the firewall entering maintenance mode, leaving systems vulnerable to targeted attacks. Palo Alto Networks has released security updates for affected versions and advised administrators to upgrade to the latest release to secure their systems. About 6,000 Palo Alto Networks firewalls are still exposed online, with thousands potentially vulnerable or already patched. This vulnerability is the latest in a series of recent security breaches and exploits targeting Palo Alto Networks products and services.
Palo Alto Networks has issued a critical security warning about a newly discovered vulnerability that could allow hackers to disable firewall protections in denial-of-service (DoS) attacks. The vulnerability, tracked as CVE-2026-0227, affects next-generation firewalls running on PAN-OS 10.1 or later, as well as Prisma Access configurations when the GlobalProtect gateway or portal is enabled.
According to Palo Alto Networks, this security flaw enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode. This could potentially leave systems vulnerable to targeted attacks and compromise their security posture.
In response to this vulnerability, Palo Alto Networks has released security updates for all affected versions and advised administrators to upgrade to the latest release to secure their systems against potential attacks. The company stated that most cloud-based Prisma Access instances have already been patched, with those left to be secured already scheduled for an upgrade through their standard upgrade process.
Internet security watchdog Shadowserver currently tracks nearly 6,000 Palo Alto Networks firewalls exposed online, although there is no information on how many have vulnerable configurations or have already been patched. The fact that thousands of firewalls are still vulnerable raises concerns about the potential for widespread exploitation and compromise.
In recent months, Palo Alto Networks has faced numerous security breaches and exploits targeting their products and services. In November 2024, the company patched two actively exploited PAN-OS firewall zero-days that enabled attackers to gain root privileges. Shadowserver revealed days later that thousands of firewalls had been compromised in the campaign, while CISA ordered federal agencies to secure their devices within three weeks.
One month later, Palo Alto Networks warned customers that hackers were exploiting another PAN-OS DoS vulnerability (CVE-2024-3393) to target PA-Series, VM-Series, and CN-Series firewalls with DNS Security logging enabled, forcing them to reboot and disable firewall protections. Soon after, the cybersecurity firm said three other flaws (CVE-2025-0111, CVE-2025-0108, and CVE-2024-9474) were being chained in attacks to compromise PAN-OS firewalls.
More recently, threat intelligence company GreyNoise warned of an automated campaign targeting Palo Alto GlobalProtect portals with brute-force and login attempts from more than 7,000 IP addresses. This highlights the potential for large-scale attacks on systems using Palo Alto Networks products and services.
Palo Alto Networks' products and services are used by over 70,000 customers worldwide, including most of the largest U.S. banks and 90% of Fortune 10 companies. The company's security posture is a significant concern given the widespread use of their products in critical infrastructure and high-security environments.
In light of this new vulnerability, administrators are advised to prioritize securing their systems against potential attacks by upgrading to the latest release. The timely patching of these vulnerabilities highlights the importance of continuous monitoring and vigilance in maintaining the security posture of critical systems.
Related Information:
https://www.ethicalhackingnews.com/articles/Palo-Alto-Networks-Warns-of-Critical-Vulnerability-Allowing-Hackers-to-Disable-Firewalls-in-Denial-of-Service-Attacks-ehn.shtml
Published: Thu Jan 15 03:07:21 2026 by llama3.2 3B Q4_K_M
