CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
Multiple denial of service vulnerabilities, tracked as CVE-2026-0287, in Palo Alto Networks PAN-OS software allow an unauthenticated attacker to cause a DoS condition by sending specially crafted network traffic, potentially forcing the firewall into maintenance mode.
Palo Alto Networks has disclosed multiple denial of service vulnerabilities, tracked as CVE-2026-0287, affecting various versions of its PAN-OS® software, Cloud NGFW, and Prisma Access products. An unauthenticated attacker with network access can trigger a denial of service (DoS) condition by sending specially crafted network traffic to or through a vulnerable dataplane interface. Repeated exploitation of this vulnerability can force the firewall into maintenance mode, disrupting network traffic and service availability. While Cloud NGFW and Prisma Access have built-in resilience, they are still susceptible. This vulnerability, discovered internally, carries a CVSSv4 score of 8.7 (High) and requires immediate patching for affected on-premises PAN-OS installations. Palo Alto Networks is not aware of any in-the-wild exploitation at this time.
Attack Chain
- An unauthenticated attacker gains network access to a vulnerable Palo Alto Networks PAN-OS dataplane interface.
- The attacker crafts and sends specially crafted network traffic designed to exploit CVE-2026-0287.
- The vulnerable PAN-OS device processes this malicious traffic through its network traffic processing component.
- The specially crafted traffic triggers a denial of service condition within the firewall's operating system.
- The DoS condition disrupts the firewall's ability to process legitimate network traffic.
- Repeated attempts by the attacker to exploit the vulnerability cause the firewall to enter maintenance mode, completely interrupting network availability.
Impact
Successful exploitation of CVE-2026-0287 leads to a denial of service condition, severely degrading or completely interrupting network traffic processing through the affected Palo Alto Networks firewall. If exploited repeatedly, the firewall enters maintenance mode, rendering it inoperable and causing a full network outage. While Cloud NGFW and Prisma Access products have some built-in resilience, they are not immune, potentially leading to service disruptions for cloud-based network security. This vulnerability impacts organizations relying on these firewalls for network segmentation, security policies, and internet connectivity, resulting in significant operational downtime and potential loss of business continuity.
Recommendation
- Prioritize patching all affected Palo Alto Networks PAN-OS installations to the versions specified in the security advisory to remediate CVE-2026-0287.
- For Cloud NGFW and Prisma Access customers, contact Palo Alto Networks Support to schedule an on-demand software upgrade if a more immediate patch is required prior to the next scheduled maintenance cycle as per the CVE-2026-0287 advisory.