Cyber Resilience

CVE-2026-0227

Medium

Published: 15 January 2026

Modified: 06 February 2026
KEV Added
Patch
CVSS Score v4: 6.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber)
EPSS Score: 0.0007 (21.0th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-0227 is a medium-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Palo Alto Networks PAN-OS. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 21.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0227 is a vulnerability in Palo Alto Networks PAN-OS software that enables an unauthenticated attacker to cause a denial of service (DoS) condition on the firewall. Repeated attempts to trigger the issue can force the firewall into maintenance mode. The vulnerability is associated with CWE-754 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no effects on confidentiality or integrity.

An unauthenticated attacker with network access to the affected firewall can exploit this vulnerability remotely with low complexity and no requirement for user interaction or privileges. Successful exploitation disrupts firewall operations, and sustained attacks lead to the device entering maintenance mode, rendering it unavailable for traffic processing.

Mitigation details and patches are available in the vendor advisory at https://security.paloaltonetworks.com/CVE-2026-0227, published on 2026-01-15. Security practitioners should consult this reference for specific remediation steps.

EU & UK References

Vulnerability details

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct remote exploitation of software vulnerability to crash/impair firewall availability and force maintenance mode.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0257 · Same product: Palo Alto Networks PAN-OS
CVE-2024-3400 · Same product: Palo Alto Networks PAN-OS
CVE-2025-0111 · Same product: Palo Alto Networks PAN-OS
CVE-2025-0108 · Same product: Palo Alto Networks PAN-OS
CVE-2025-0114 · Same product: Palo Alto Networks PAN-OS
CVE-2025-0118 · Same product class: VPN / SSL gateway
CVE-2024-46668 · Same product class: VPN / SSL gateway
CVE-2024-46670 · Same product class: VPN / SSL gateway
CVE-2026-0300 · Same product: Palo Alto Networks PAN-OS
CVE-2026-4693 · Shared CWE-754

Affected Assets

paloaltonetworks · pan-os
10.1.14, 10.2.10, 10.2.13, 10.2.16, 10.2.17 · 10.1.0 — 10.1.14 · 10.2.0 — 10.2.7 · 10.2.8 — 10.2.10
paloaltonetworks · prisma access
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by identifying, reporting, and applying vendor patches for the PAN-OS DoS flaw.

prevent

Protects the firewall against denial-of-service events triggered by unauthenticated remote exploitation of this vulnerability.

prevent

Enforces boundary protection to limit network access to the firewall's vulnerable interfaces, reducing unauthenticated attack opportunities.

References