Palo Alto patches vulnerability that makes firewalls useless


Security firm Palo Alto is rolling out a patch for a vulnerability in its firewall software. The vulnerability allows attackers to disable your firewall(s).

On Wednesday, Palo Alto shared more details about a vulnerability (CVE-2026-0227) in PAN-OS, the software that runs on most of the company’s firewalls. With a CVSS score of 7.7, it is a serious vulnerability. Attackers can exploit it to bypass firewalls by provoking a DNS failure, which causes the firewalls to go into maintenance mode.

Palo Alto shares a list of affected PAN-OS versions for which a patch is available. As always, it is advisable to investigate as soon as possible whether an update is required for you, and not to postpone it for too long. A patch has also been rolled out for Prisma Access 10.2 and 11.2.

According to the security company, there is currently no evidence that the vulnerability is actually being exploited. Exploitation is only possible with a specific configuration and when GlobalProtect is enabled. The cloud-based firewalls do not appear to be subject to the vulnerability.

6,000 vulnerable firewalls

Shadowserver counts almost 6,000 firewalls (5,742) worldwide that could be at risk. Of these, approximately eight hundred are in Europe (794). Belgium accounts for only seventeen vulnerable firewalls and the Netherlands for 58. In France, 111 firewalls need an urgent update.

Palo Alto experienced several problems with firewall vulnerabilities in 2024. In November 2024, thousands of firewalls were also effectively hacked. The impact of this vulnerability is not yet as great, but that can change quickly if customers do not implement the patch in time.
