A newly disclosed security weakness in Palo Alto Networks’ PAN-OS software could allow unauthenticated attackers to crash firewalls and force them into repeated reboot cycles, disrupting enterprise networks.
The vulnerability, tracked as CVE-2026-0229, affects the Advanced DNS Security (ADNS) feature. By sending a specially crafted malicious packet, an attacker can trigger a system reboot. Repeated exploitation may push the firewall into maintenance mode, stopping traffic inspection and leading to service outages.
Cloud NGFW and Prisma Access are not affected.
In a security advisory, Palo Alto Networks confirmed that the issue impacts only specific PAN-OS versions when ADNS is enabled along with a spyware profile configured to block, sinkhole, or alert on traffic.
Affected and fixed versions:
- PAN-OS 12.1: Versions earlier than 12.1.4 (specifically 12.1.2–12.1.3) are affected; fixed in 12.1.4 and later
- PAN-OS 11.2: Versions earlier than 11.2.10 (11.2.0–11.2.9) are affected; fixed in 11.2.10 and later
- PAN-OS 11.1: Not affected
- PAN-OS 10.2: Not affected
- Cloud NGFW: Not affected
- Prisma Access: Not affected
The company has urged administrators to immediately upgrade vulnerable systems. Devices running older, unsupported PAN-OS versions should migrate to a patched release. There are no available workarounds. Threat Prevention signatures cannot detect exploitation attempts due to the nature of the flaw.
Palo Alto Networks said there is no evidence of active exploitation in the wild so far. However, security experts caution that denial-of-service flaws can cause major disruptions, especially in high-traffic environments.
“DoS flaws like this can cascade into major disruptions, especially if chained with other attacks. Organizations relying on Palo Alto for perimeter defense must prioritize patching.”
Firewalls using ADNS are a critical layer of defense against DNS-based threats. This makes the vulnerability particularly concerning for enterprises that block malicious domains at the network edge.
Administrators are advised to review configurations and check for unpatched systems through Palo Alto’s support portal.
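The version ranges and the configuration condition described above can be turned into a quick inventory triage. The following is an added example, not code from Palo Alto Networks or the advisory; the inventory records, device names and field names (`adns_enabled`, `spyware_dns_action`) are constructed for illustration, and hotfix builds such as `11.2.9-h1` are classified by their base version because the article lists no hotfix-level fixes.

```python
import re

# From the article: release train -> first fixed maintenance release.
FIRST_FIXED = {(12, 1): 4, (11, 2): 10}   # "earlier than" these is affected
NOT_AFFECTED_TRAINS = {(11, 1), (10, 2)}
TRIGGER_ACTIONS = {"block", "sinkhole", "alert"}  # spyware profile actions named in the article
# Assumption: an optional "-hN" hotfix suffix is accepted and ignored for comparison.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

# Constructed sample inventory (hypothetical devices and field names).
INVENTORY = [
    {"name": "fw-edge-01", "version": "11.2.9-h1", "adns_enabled": True, "spyware_dns_action": "sinkhole"},
    {"name": "fw-edge-02", "version": "11.2.10", "adns_enabled": True, "spyware_dns_action": "block"},
    {"name": "fw-dc-01", "version": "12.1.3", "adns_enabled": False, "spyware_dns_action": "allow"},
    {"name": "fw-lab-01", "version": "10.2.7", "adns_enabled": True, "spyware_dns_action": "alert"},
    {"name": "fw-old-01", "version": "9.1.16", "adns_enabled": True, "spyware_dns_action": "alert"},
]

def classify_version(version):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown' for a PAN-OS version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    train, maint = (int(m.group(1)), int(m.group(2))), int(m.group(3))
    if train in NOT_AFFECTED_TRAINS:
        return "not-affected"
    if train not in FIRST_FIXED:
        return "unknown"  # train not listed in the article; needs manual review
    return "affected" if maint < FIRST_FIXED[train] else "fixed"

def triage(device):
    """Combine the version status with the ADNS + spyware-profile condition."""
    status = classify_version(device["version"])
    if status == "unknown":
        return "review"
    if status != "affected":
        return "ok"
    exposed = device["adns_enabled"] and device["spyware_dns_action"] in TRIGGER_ACTIONS
    return "upgrade-now" if exposed else "upgrade-planned"

def report(inventory):
    return {d["name"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for name, verdict in report(INVENTORY).items():
        print(f"{name}: {verdict}")
```

Devices on trains the article does not list come back as `review` rather than `ok`, since the article says unsupported versions should migrate to a patched release.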



