Saved February 14, 2026
Do you care about this?
Palo Alto Networks has released patches for a high-severity denial-of-service vulnerability (CVE-2026-0227) affecting its PAN-OS firewalls, particularly those using the GlobalProtect gateway. If left unpatched, attackers could trigger maintenance mode, potentially disrupting network availability. Most Prisma Access customers are already patched, but some PAN-OS NGFW users will need to apply the fix manually.
If you do, here's more
Palo Alto Networks has released patches for a high-severity denial-of-service (DoS) vulnerability in its PAN-OS firewall platform, identified as CVE-2026-0227, with a CVSS score of 7.7. This flaw affects users running PAN-OS Next-Generation Firewall (NGFW) or Prisma Access configurations that utilize the GlobalProtect remote access gateway. If left unpatched, an unauthenticated attacker could exploit this vulnerability, forcing the firewall into maintenance mode, which would likely disrupt network availability as administrators work to resolve the issue.
While Palo Alto Networks claims it hasn't seen any exploitation in the wild, the existence of proof of concept (PoC) code raises concerns. This mirrors a similar DoS issue from late 2024 (CVE-2024-3393) where attackers learned of the vulnerability before patches were issued, leading to a zero-day situation. Threat intelligence firm GreyNoise has noted an increase in automated login attempts targeting GlobalProtect and Cisco VPNs, hinting at a growing threat landscape for these systems.
Most customers using Prisma Access have already been patched, but many PAN-OS NGFW users still need to apply the fix manually. Without known workarounds, temporarily disabling the VPN interface might be necessary, which means losing remote access until the patching is completed. Palo Alto has provided a patching guide based on different PAN-OS versions, urging users to update to supported versions, as those older than 10.2 are no longer maintained.
According to Flashpoint, while a firewall entering maintenance mode due to this DoS condition doesn't necessarily expose enterprises to further security risks, it does present a serious availability disruption. Modern firewalls typically "fail closed," meaning they don't open up vulnerabilities when they encounter issues. The primary concern here lies in the resilience of network operations rather than direct exploitation.