Palo Alto PAN-OS Vulnerabilities Including ADNS DoS (CVE-2026-0229)
Palo Alto Networks published fixes for multiple PAN-OS vulnerabilities affecting supported releases (including PAN-OS 12.1, 11.2, 11.1, and 10.2) and related services such as Prisma Access and Prisma Browser. The Canadian Centre for Cyber Security amplified the vendor guidance, directing organizations to apply updates and mitigations for PAN-OS and Prisma products. Its notice covers CVE-2026-0228 and CVE-2026-0229, as well as a separate Chromium monthly update advisory referenced by Palo Alto.
CVE-2026-0229 is a network-reachable denial-of-service condition in PAN-OS’s Advanced DNS Security (ADNS) feature that can allow an unauthenticated attacker to trigger system reboots with a maliciously crafted packet; repeated triggering can push a firewall into maintenance mode, creating a high availability impact. Exposure requires ADNS to be enabled and a spyware profile action set to block, sinkhole, or alert (i.e., not allow); Palo Alto stated Cloud NGFW and Prisma Access are not impacted by this specific issue and reported no known exploitation.
CVE-2026-0228 involves improper certificate validation that can allow Windows Terminal Server Agents to connect using expired certificates under certain configurations, with no workaround noted by the vendor; affected organizations are advised to upgrade to fixed PAN-OS versions per Palo Alto’s guidance.
Timeline
Feb 11, 2026
Canadian Centre for Cyber Security issues alert on Palo Alto advisories
Later on 2026-02-11, the Canadian Centre for Cyber Security published advisory AV26-118 highlighting Palo Alto Networks' newly released security advisories. It urged administrators to review the advisories, apply mitigations, and install the necessary updates.
Feb 11, 2026
Palo Alto discloses CVE-2026-0229 DNS security DoS flaw
Palo Alto Networks disclosed CVE-2026-0229 on 2026-02-11 as a denial-of-service vulnerability in the Advanced DNS Security feature of PAN-OS. The advisory specified affected versions and the releases containing fixes.
Feb 11, 2026
Palo Alto discloses CVE-2026-0228 certificate validation flaw
Palo Alto Networks disclosed CVE-2026-0228 on 2026-02-11 as an improper validation of a Terminal Server Agent certificate in PAN-OS. The advisory identified affected versions and directed customers to upgrade to fixed releases.
Feb 11, 2026
Palo Alto Networks publishes advisories for multiple PAN-OS vulnerabilities
On 2026-02-11, Palo Alto Networks published security advisories covering multiple vulnerabilities affecting PAN-OS, Prisma Access on PAN-OS, and Prisma Browser. The advisories included CVE-2026-0228, CVE-2026-0229, and a February 2026 Chromium security update, with affected versions and fixed releases identified.
Related Stories

Palo Alto Networks PAN-OS and Prisma Browser Vulnerabilities Disclosed
Palo Alto Networks disclosed a denial-of-service (DoS) vulnerability, identified as CVE-2025-4619, affecting PAN-OS software on PA-Series, VM-Series, CN-Series firewalls, and Prisma Access. This vulnerability allows an unauthenticated attacker to reboot a firewall by sending specially crafted packets through the data plane, potentially causing the device to enter maintenance mode if exploited repeatedly. The company has detailed affected and unaffected PAN-OS versions and confirmed that Cloud NGFW is not impacted. Prisma Access customers have largely been upgraded, with remaining updates scheduled. Additionally, Palo Alto Networks released its November 2025 monthly vulnerability update for Chromium and Prisma Browser, addressing multiple CVEs, including several Chromium vulnerabilities and three specific to Prisma Browser (CVE-2025-4616, CVE-2025-4617, CVE-2025-4618). The Canadian Centre for Cyber Security issued an advisory summarizing these disclosures and urging administrators to review the advisories, apply mitigations, and update affected products to secure their environments against these vulnerabilities.
1 month ago
Denial-of-Service Vulnerabilities Disrupting Network Perimeter and Wi‑Fi Infrastructure
A **DoS vulnerability in Palo Alto Networks PAN-OS** tracked as **CVE-2024-3393** was reported as **actively exploited in the wild**, allowing **unauthenticated remote attackers** to send specially crafted **DNS** packets that can force affected firewalls to **reboot** and, with repeated triggering, potentially enter **maintenance mode**, effectively disabling perimeter enforcement. Reported impact is tied to the **data plane** when **DNS Security** is enabled and **DNS Security logging** is active, and it may affect multiple form factors (including PA-Series, VM-Series, CN-Series, and Prisma Access) where the DNS Security license is applied; advisories urge rapid patching/mitigation due to the risk of losing network security controls. Separately, researchers disclosed a **Broadcom chipset software flaw** affecting at least the **ASUS RT-BE86U** that enables an **unauthenticated, in-range attacker on 5 GHz Wi‑Fi** to send a single malformed frame that **immediately disconnects clients**, requiring a **manual router reset**; the issue was found via fuzzing, fixed by Broadcom, and addressed by ASUS in updated firmware (reported fixed in `3.0.0.6.102_37841`, affecting `3.0.0.6.102_37612` and older). A Palo Alto Networks advisory on a **Chromium monthly vulnerability update** lists multiple Chromium CVEs incorporated into Palo Alto products, but it is not directly related to the PAN-OS DNS DoS exploitation or the Broadcom/ASUS Wi‑Fi DoS issue.
1 month ago
Palo Alto Networks PAN-OS GlobalProtect DoS Vulnerability (CVE-2026-0227)
Palo Alto Networks released fixes for **CVE-2026-0227**, a high-severity denial-of-service vulnerability in **PAN-OS** that can be triggered by an **unauthenticated** attacker when the **GlobalProtect gateway or portal** is enabled on affected next-generation firewall and *Prisma Access* configurations. Repeated exploitation attempts can force impacted firewalls into **maintenance mode**, effectively disabling protections and causing service disruption; Palo Alto Networks stated there are **no workarounds** and advised upgrading to patched releases. Reporting indicates a **proof-of-concept (PoC)** exploit exists, although Palo Alto Networks said it had **no evidence of in-the-wild exploitation** at the time of advisory publication. Exposure risk remains material given the large number of internet-facing Palo Alto Networks firewalls observed online (with Shadowserver tracking roughly **6,000** exposed devices) and ongoing scanning activity historically targeting exposed GlobalProtect endpoints; administrators should prioritize patching across affected PAN-OS and Prisma Access versions and validate whether GlobalProtect is enabled on externally reachable interfaces.
1 month ago