CVE-2026-0229
Awaiting Analysis Awaiting Analysis - Queue
Denial-of-Service in PAN-OS ADNS Causes Firewall Reboots

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: Palo Alto Networks, Inc.

Description
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OSยฎ software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Cloud NGFW and Prisma Accessยฎ are not impacted by this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0229
EUVD
EUVD-2026-5938
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
palo_alto_networks pan-os From 12.1.2 (inc) to 12.1.3 (inc)
palo_alto_networks pan-os From 11.2.0 (inc) to 11.2.9 (inc)
palo_alto_networks pan-os 12.1.4
palo_alto_networks pan-os 11.2.10
palo_alto_networks pan-os *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0229 is a medium-severity denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS software.

It allows an unauthenticated attacker to cause system reboots by sending specially crafted packets.

Repeated exploitation forces the firewall into maintenance mode, disrupting its normal operation.

The vulnerability affects PAN-OS versions 12.1.2 through 12.1.3 and 11.2.0 through 11.2.9, and requires that ADNS is enabled with a spyware profile configured to block, sinkhole, or alert (any non-allow setting).

The attack is network-based, requires no privileges or user interaction, and can be automated.

Impact Analysis

This vulnerability can cause your Palo Alto Networks firewall to reboot repeatedly when targeted by an attacker sending malicious packets.

Repeated reboots will cause the firewall to enter maintenance mode, leading to disruption of network security services and potential downtime.

Since the attack requires no authentication or user interaction, it can be executed remotely and automated, increasing the risk of denial of service.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS software and can be exploited by sending specially crafted packets that cause system reboots.

There are no known threat prevention signatures or workarounds available to detect or block this vulnerability due to its nature.

Detection would require monitoring for unusual system reboots or the firewall entering maintenance mode, especially if ADNS is enabled and a spyware profile with blocking, sinkholing, or alerting actions is configured.

No specific commands or network detection signatures are provided in the available information.

Mitigation Strategies

The primary mitigation step is to upgrade affected PAN-OS versions to the fixed releases: 12.1.4 or later, and 11.2.10 or later.

Ensure that the Advanced DNS Security (ADNS) feature and spyware profiles with blocking, sinkholing, or alerting actions are reviewed, as these configurations are required for the vulnerability to be exploitable.

Since no workarounds or threat prevention signatures exist, upgrading the software is the only reliable mitigation.

Chat Assistant
Ask questions about this CVE
Hi! Iโ€™m here to help you understand CVE-2026-0229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart