Palo Alto Networks PAN-OS and Prisma Access unauthenticated DoS flaw (CVE-2026-0227)

Vulnerability
H score 24
1 unique sources, 1 articles

Summary

CVE-2026-0227 affects Palo Alto Networks PAN-OS 10.1 or later and Prisma Access with GlobalProtect enabled, creating an unauthenticated DoS risk that can push firewalls into maintenance mode. Palo Alto Networks has released fixes for the flaw, and most cloud Prisma Access instances have already been patched. The issue matters because exposed firewalls can lose protections even without attacker authentication, although the vendor had no evidence of active exploitation at publication.

Related Happenings

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

FIRESTARTER malware on Cisco ASA and FTD devices

Malware Activity
First: 23.04.2026 15:00 Last: 23.04.2026 15:00 Sources 1

About this happening: CISA has published analysis of **FIRESTARTER**, a malware strain that enables **remote access and control** on **Cisco Firepower** and **Secure Firewall** devices, raising the ris...

Latest development: 24.04.2026 23:34

CISA, NCSC-UK, and Cisco detailed Firestarter persistence on Cisco Firepower and Secure Firewall devices running ASA or FTD software, attributing the backdoor to UAT-4356 and linking the activity to ArcaneDoor. The malware modifies CSP_MOUNT_LIST, stores a copy in /opt/cisco/platform/logs/var/log/svc_samcore.log, restores itself to /usr/bin/lina_cs, and relaunches after termination or reboot; Cisco recommends reimaging and upgrading to fixed releases, or using a cold restart only if reimaging is not possible.

CISA end-of-support edge device decommissioning mandate (BOD 26-02)

Advisory/Mitigation
First: 06.02.2026 10:41 Last: 06.02.2026 10:41 Sources 1

About this happening: CISA's **BOD 26-02** now forces **U.S. federal agencies** to inventory, decommission, and replace **end-of-support edge devices** that no longer receive security updates. The dire...

CISA orders federal agencies to remediate end-of-support edge devices

Public Sector Action
First: 05.02.2026 14:00 Last: 05.02.2026 14:00 Sources 1

About this happening: **CISA** issued **Binding Operational Directive 26-02** to require **FCEB agencies** to inventory, update, and remove **end-of-support edge devices** within a specified timeframe....

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Timeline

  1. 15.01.2026 11:02 2 articles · 4mo ago

    Palo Alto Networks patches CVE-2026-0227 in PAN-OS and Prisma Access

    Mitigation Patch Update

    Palo Alto Networks releases fixes for CVE-2026-0227, a high-severity PAN-OS vulnerability affecting PAN-OS 10.1 or later and Prisma Access configurations when the GlobalProtect gateway or portal is enabled. Repeated unauthenticated triggering can force firewalls into maintenance mode and disable firewall protections, and the vendor says most cloud Prisma Access instances are already patched while remaining customers are being scheduled for upgrade.
