CVE-2026-0228
Improper Certificate Validation in PAN-OS Enables Unauthorized Access
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: Palo Alto Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | pan-os | to 10.2.17 (exc) |
| palo_alto_networks | pan-os | to 11.1.11 (exc) |
| palo_alto_networks | pan-os | to 11.2.8 (exc) |
| palo_alto_networks | prisma_access | to 10.2.10-h28 (exc) |
| palo_alto_networks | prisma_access | to 11.2.7-h10 (exc) |
| palo_alto_networks | pan-os | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0228 is a vulnerability in PAN-OS related to improper validation of Terminal Server Agent certificates on Windows.
This flaw allows users to connect Terminal Server Agents to PAN-OS using expired certificates, bypassing the normal PAN-OS configuration restrictions that would typically prevent such connections.
It affects PAN-OS versions prior to certain patch releases and is classified under CWE-295 (Improper Certificate Validation) and CAPEC-114 (Authentication Abuse).
How can this vulnerability impact me?
This vulnerability allows unauthorized or unintended connections to PAN-OS devices by using expired certificates, potentially bypassing security configurations.
The impact on product integrity and confidentiality is limited, and the vulnerability has a low severity score (CVSS v4.0 base score of 4.0).
It requires low privileges and no user interaction, with a network attack vector and low attack complexity.
However, it could allow attackers or unauthorized users to abuse authentication mechanisms to connect Terminal Server Agents on Windows to PAN-OS devices.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects PAN-OS devices configured to connect to Terminal Server Agents on Windows. To detect if your system is affected, verify if Terminal Server Agents are enabled under Device > User Identification > Terminal Server Agents in the PAN-OS management interface.
There are no specific commands provided in the available resources to detect the improper certificate validation or expired certificates being accepted. Detection primarily involves checking the PAN-OS configuration for Terminal Server Agents and verifying the PAN-OS version against the affected versions.
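The version comparison described above, as an added example (not code from this page or from Palo Alto Networks), using the fixed releases from the affected-products table. It assumes version strings of the form `major.minor.maintenance[-hN]`; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases per train, copied from the affected-products table on this page.
FIXED = {
    "pan-os": {(10, 2): (10, 2, 17, 0), (11, 1): (11, 1, 11, 0), (11, 2): (11, 2, 8, 0)},
    "prisma_access": {(10, 2): (10, 2, 10, 28), (11, 2): (11, 2, 7, 10)},
}
NOT_AFFECTED = {"pan-os": {(12, 1)}}  # trains the page states are not affected

# Assumed format: major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")

def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def classify(product, version):
    """Return 'vulnerable', 'fixed', 'not affected' or 'unlisted'."""
    parsed = parse_version(version)
    train = parsed[:2]
    if train in NOT_AFFECTED.get(product, set()):
        return "not affected"
    fixed = FIXED.get(product, {}).get(train)
    if fixed is None:
        # The table gives no fixed release for this train; consult the vendor advisory.
        return "unlisted"
    return "vulnerable" if parsed < fixed else "fixed"

def triage(inventory):
    """Map hostname -> status for (hostname, product, version, ts_agents) rows."""
    result = {}
    for host, product, version, ts_agents in inventory:
        status = classify(product, version)
        # The flaw only matters where Terminal Server Agents are configured.
        if status == "vulnerable" and not ts_agents:
            status = "vulnerable version, no TS agents configured"
        result[host] = status
    return result

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [("fw-edge-01", "pan-os", "11.1.4-h7", True), ("fw-edge-02", "pan-os", "11.1.11", True),
          ("fw-lab-01", "pan-os", "10.2.16-h4", False), ("fw-core-01", "pan-os", "12.1.2", True)]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

The `ts_agents` flag is filled in by hand from Device > User Identification > Terminal Server Agents; the script does not query the firewall.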
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation is to upgrade PAN-OS to a fixed version. Upgrade to PAN-OS 10.2.17 or later, 11.1.11 or later, 11.2.8 or later, or the corresponding Prisma Access patch versions (10.2.10-h28 and 11.2.7-h10 or later).
If you are using PAN-OS 12.1 or Cloud NGFW, no action is required as these versions are not affected.
No known workarounds exist, so patching is the recommended immediate step to mitigate the vulnerability.