
As of February 4, 2026, we are seeing confirmed reports of a high-severity denial-of-service vulnerability (CVE-2026-0227) affecting Palo Alto Networks PAN-OS software. Hackers are using this flaw to crash firewalls and force them into a permanent maintenance mode without needing any login credentials.

The Evidence

The vulnerability carries a CVSS score of 7.7, reflecting a high risk to business uptime and network perimeter safety. According to the official Palo Alto Networks Security Advisory, the flaw stems from faulty exception handling within the GlobalProtect gateway and portal components. Security researchers discovered that an unauthenticated attacker could trigger a system crash by sending repeated, specially crafted requests to the firewall’s internet-facing interface. Independent watchdog Shadowserver Foundation then confirmed that over 6,000 Palo Alto firewalls are currently exposed online and potentially vulnerable. Exploit code for this vulnerability is now publicly available, making it trivial for automated bots to disable corporate protections. In addition, threat intelligence firm GreyNoise reports an uptick in automated scans targeting GlobalProtect portals following the disclosure.

Who Should Be Concerned

Organizations using PAN-OS versions 10.1, 10.2, 11.1, 11.2, and 12.1 with GlobalProtect enabled must treat this as a top priority. Logistics and manufacturing firms face the highest risk because a firewall crash can stop all remote access and halt critical supply chain operations. IT security directors and network administrators should verify the PAN-OS versions running on their hardware immediately to prevent an unplanned outage. Business leaders must understand that this is an availability crisis that can leave the entire network undefended within minutes of an attack.

Historical Context

This is the second major denial-of-service flaw to hit the GlobalProtect platform since late 2024. It follows a pattern in which attackers target the “front door” of the network to disrupt operations and create a path for more advanced ransomware attacks. Palo Alto has reported nearly 500 vulnerabilities in its software to date, showing that perimeter devices are a constant target for professional hackers. As a result, many security teams are moving toward zero-trust models to ensure that a single firewall failure does not collapse the entire company’s security.

Detailed Impact Analysis

An unpatched firewall remains a sitting duck for unauthenticated attackers who want to disrupt your business. Once the exploit is triggered multiple times, the device automatically enters a maintenance mode that requires physical or serial console access to fix.

During this downtime, all VPN connections for remote workers will fail, and internal systems like SAP or email may become unreachable. The operational disruption can lead to missed deadlines, lost revenue, and damage to your brand’s reputation. Based on current observations, hackers are using these crashes as a “smoke screen” to hide more dangerous activities like data theft.

Immediate Actions Required

Update your firewalls immediately to the latest patched versions of PAN-OS, such as 10.2.13-h1, 11.1.6-h3, or 12.1.2-h2. Organizations should complete these updates within 24 hours to stay ahead of automated exploit tools. Next, verify the fix by checking the software version in your management dashboard and ensuring the build number matches the vendor’s secure release. If you cannot patch immediately, consider disabling the GlobalProtect portal on external interfaces as a temporary safety measure. We also recommend reviewing your system logs for any repeated “crash” events or unusual traffic patterns directed at your VPN gateway. After patching, monitor your network for any secondary signs of lateral movement that may have occurred during the disruption.
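The version check described above can be run across a whole firewall inventory rather than one dashboard at a time. The script below is an added example, not code from Palo Alto Networks or from this article's author; the hostnames and running versions are constructed, and it assumes that any build at or above the patched release named here in the same train carries the fix, which should be confirmed against the vendor advisory.

```python
import re

# Patched releases named in this article, keyed by release train.
# Trains listed as affected but with no fixed build given here map to None.
FIXED = {"10.1": None, "10.2": "10.2.13-h1", "11.1": "11.1.6-h3",
         "11.2": None, "12.1": "12.1.2-h2"}

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """'11.1.6-h3' -> (11, 1, 6, 3); a build with no hotfix gets hotfix 0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def triage(version):
    """Classify one running version against the article's patched builds."""
    try:
        v = parse(version)
    except ValueError:
        return "unparsed"              # needs a manual look, never assumed safe
    train = f"{v[0]}.{v[1]}"
    if train not in FIXED:
        return "train-not-listed"      # not among the trains the article names
    if FIXED[train] is None:
        return "check-advisory"        # affected train, no fixed build on this page
    # Assumption: same-train builds at or above the named release are patched.
    return "patched" if v >= parse(FIXED[train]) else "update"

def report(inventory):
    """inventory: {hostname: version}. Returns hosts grouped by status."""
    out = {}
    for host, version in sorted(inventory.items()):
        out.setdefault(triage(version), []).append(host)
    return out

# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE = {"fw-edge-01": "10.2.13-h1", "fw-edge-02": "10.2.13", "fw-dc-01": "11.1.6-h2",
          "fw-dc-02": "11.1.7", "fw-lab-01": "11.2.4-h1", "fw-br-01": "12.1.2-h2",
          "fw-br-02": "9.1.16", "fw-br-03": "12.1.x"}

if __name__ == "__main__":
    for status, hosts in report(SAMPLE).items():
        print(f"{status:18} {', '.join(hosts)}")
```

Note that a base build such as 10.2.13 sorts below 10.2.13-h1 and is reported as needing the update, and anything the parser does not recognise is surfaced for manual review instead of being counted as patched.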

Additional Resources

For a complete list of affected versions and official patch links, visit the Palo Alto Networks Security Advisories page. Additionally, you can find further technical analysis on this threat through the CISA official alerts.

Get Expert Help

If your organization needs expert help to verify your firewall security or manage this critical update, DefendMyBusiness provides the guidance you need. Our team specializes in emergency patch management and comprehensive defense strategies to keep your network running smoothly. Schedule a free security consultation now to get professional analysis within 24 hours.
