CVE-2026-0227

HIGH

Palo Alto Networks PAN-OS >= 10.1.0 < 10.1.14 - Unauthenticated Denial of Service

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-0227. PoCs published by TeeyaR, CkAbhijit.

AI-analyzed exploit summary The repository contains a scanner for detecting exposed Palo Alto GlobalProtect instances, inspired by CVE-2026-0227. It probes common GlobalProtect paths and checks for indicators of exposure, but does not include exploit code for the vulnerability.

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue results in the firewall entering into maintenance mode.

Exploits (2)

nomisec SCANNER
by TeeyaR · poc
https://github.com/TeeyaR/CVE-2026-0227-Palo-Alto

The repository contains a scanner for detecting exposed Palo Alto GlobalProtect instances, inspired by CVE-2026-0227. It probes common GlobalProtect paths and checks for indicators of exposure, but does not include exploit code for the vulnerability.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Palo Alto GlobalProtect (PAN-OS)
No auth needed
Prerequisites: Network access to target systems
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec STUB
by CkAbhijit · poc
https://github.com/CkAbhijit/CVE-2026-0227-Advanced-Scanner

The repository contains only a minimal README with no technical details or exploit code. It appears to be a placeholder or stub with no substantive content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://security.paloaltonetworks.com/CVE-2026-0227

Scores

CVSS v3 7.5
EPSS 0.0067
EPSS Percentile 47.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (5)
paloaltonetworks/pan-os 10.1.14 (13 CPE variants)
paloaltonetworks/pan-os 10.2.7 (11 CPE variants)
paloaltonetworks/pan-os 10.2.10 (14 CPE variants)
paloaltonetworks/pan-os 10.2.13 (9 CPE variants)
paloaltonetworks/pan-os 10.2.16 (3 CPE variants)
Published Jan 15, 2026
Tracked Since Feb 18, 2026