CVE-2026-0229
Denial-of-Service in PAN-OS ADNS Causes Firewall Reboots
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: Palo Alto Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | pan-os | From 12.1.2 (inc) to 12.1.3 (inc) |
| palo_alto_networks | pan-os | From 11.2.0 (inc) to 11.2.9 (inc) |
| palo_alto_networks | pan-os | 12.1.4 |
| palo_alto_networks | pan-os | 11.2.10 |
| palo_alto_networks | pan-os | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0229 is a medium-severity denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS software.
It allows an unauthenticated attacker to cause system reboots by sending specially crafted packets.
Repeated exploitation forces the firewall into maintenance mode, disrupting its normal operation.
The vulnerability affects PAN-OS versions 12.1.2 through 12.1.3 and 11.2.0 through 11.2.9, and requires that ADNS is enabled with a spyware profile configured to block, sinkhole, or alert (any non-allow setting).
The attack is network-based, requires no privileges or user interaction, and can be automated.
How can this vulnerability impact me? :
This vulnerability can cause your Palo Alto Networks firewall to reboot repeatedly when targeted by an attacker sending malicious packets.
Repeated reboots will cause the firewall to enter maintenance mode, leading to disruption of network security services and potential downtime.
Since the attack requires no authentication or user interaction, it can be executed remotely and automated, increasing the risk of denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS software and can be exploited by sending specially crafted packets that cause system reboots.
There are no known threat prevention signatures or workarounds available to detect or block this vulnerability due to its nature.
Detection would require monitoring for unusual system reboots or the firewall entering maintenance mode, especially if ADNS is enabled and a spyware profile with blocking, sinkholing, or alerting actions is configured.
No specific commands or network detection signatures are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade affected PAN-OS versions to the fixed releases: 12.1.4 or later, and 11.2.10 or later.
Ensure that the Advanced DNS Security (ADNS) feature and spyware profiles with blocking, sinkholing, or alerting actions are reviewed, as these configurations are required for the vulnerability to be exploitable.
Since no workarounds or threat prevention signatures exist, upgrading the software is the only reliable mitigation.