CVE-2026-0228
Awaiting Analysis Awaiting Analysis - Queue
Improper Certificate Validation in PAN-OS Enables Unauthorized Access

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: Palo Alto Networks, Inc.

Description
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0228
EUVD
EUVD-2026-5939
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan-os to 10.2.17 (exc)
palo_alto_networks pan-os to 11.1.11 (exc)
palo_alto_networks pan-os to 11.2.8 (exc)
palo_alto_networks prisma_access to 10.2.10-h28 (exc)
palo_alto_networks prisma_access to 11.2.7-h10 (exc)
palo_alto_networks pan-os *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0228 is a vulnerability in PAN-OS related to improper validation of Terminal Server Agent certificates on Windows.

This flaw allows users to connect Terminal Server Agents to PAN-OS using expired certificates, bypassing the normal PAN-OS configuration restrictions that would typically prevent such connections.

It affects PAN-OS versions prior to certain patch releases and is classified under CWE-295 (Improper Certificate Validation) and CAPEC-114 (Authentication Abuse).

Impact Analysis

This vulnerability allows unauthorized or unintended connections to PAN-OS devices by using expired certificates, potentially bypassing security configurations.

The impact on product integrity and confidentiality is limited, and the vulnerability has a low severity score (CVSS v4.0 base score of 4.0).

It requires low privileges and no user interaction, with a network attack vector and low attack complexity.

However, it could allow attackers or unauthorized users to abuse authentication mechanisms to connect Terminal Server Agents on Windows to PAN-OS devices.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects PAN-OS devices configured to connect to Terminal Server Agents on Windows. To detect if your system is affected, verify if Terminal Server Agents are enabled under Device > User Identification > Terminal Server Agents in the PAN-OS management interface.

There are no specific commands provided in the available resources to detect the improper certificate validation or expired certificates being accepted. Detection primarily involves checking the PAN-OS configuration for Terminal Server Agents and verifying the PAN-OS version against the affected versions.

Mitigation Strategies

The only effective mitigation is to upgrade PAN-OS to a fixed version. Upgrade to PAN-OS 10.2.17 or later, 11.1.11 or later, 11.2.8 or later, or the corresponding Prisma Access patch versions (10.2.10-h28 and 11.2.7-h10 or later).

If you are using PAN-OS 12.1 or Cloud NGFW, no action is required as these versions are not affected.

No known workarounds exist, so patching is the recommended immediate step to mitigate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0228. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart