U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Artificial Intelligence

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

Palo Alto Networks addressed a flaw impacting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists. Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists. GlobalProtect is Palo Alto Networks’ VPN and secure remote-access solution. It gives users a […]

Palo Alto Networks Palo Alto Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS FlawGlobalProtect CVE-2026-0257

Palo Alto Networks addressed a flaw impacting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists.

Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists.

GlobalProtect is Palo Alto Networks’ VPN and secure remote-access solution. It gives users a protected connection to their organization’s network by routing their traffic through a Palo Alto firewall, which applies the same security controls used inside the corporate environment.

The flaw affects Palo Alto Networks PAN-OS and allows an attacker to disrupt a firewall without authentication.

“A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall.” reads the advisory. “Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.”

By repeatedly exploiting the vulnerability, an attacker can force the device into maintenance mode, causing a denial-of-service condition that interrupts network traffic and firewall protection until administrators intervene.

Below is the list of the impacted versions:

VersionsAffectedUnaffected
Cloud NGFWNoneAll
PAN-OS 12.1< 12.1.3-h3
< 12.1.4
>= 12.1.3-h3
>= 12.1.4
PAN-OS 11.2< 11.2.4-h15
< 11.2.7-h8
< 11.2.10-h2
>= 11.2.4-h15 (ETA: 1/14/2026)
>= 11.2.7-h8
>= 11.2.10-h2
PAN-OS 11.1< 11.1.4-h27
< 11.1.6-h23
< 11.1.10-h9
< 11.1.13
>= 11.1.4-h27
>= 11.1.6-h23
>= 11.1.10-h9
>= 11.1.13
PAN-OS 10.2< 10.2.7-h32
< 10.2.10-h30
< 10.2.13-h18
< 10.2.16-h6
< 10.2.18-h1
>= 10.2.7-h32
>= 10.2.10-h30
>= 10.2.13-h18
>= 10.2.16-h6
>= 10.2.18-h1
PAN-OS 10.1< 10.1.14-h20>= 10.1.14-h20
Prisma Access 11.2< 11.2.7-h8*>= 11.2.7-h8*
Prisma Access 10.2< 10.2.10-h29*>= 10.2.10-h29*

The cybersecurity vendor states that the vulnerability affects only PAN-OS or Prisma Access setups where the GlobalProtect gateway or portal is enabled.

The vulnerability doesn’t impact Cloud Next-Generation Firewall (NGFW). At the time of this writing, Palo Alto Networks is not aware of attacks in the wild exploiting this vulnerability.

In December 2025, a hacking campaign started targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, GlobalProtect)