CVE-2026-0229
📋 TL;DR
An unauthenticated denial-of-service vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS allows attackers to cause system reboots via malicious packets. Repeated exploitation can force firewalls into maintenance mode, disrupting network security. Only PAN-OS firewalls with ADNS enabled are affected; Cloud NGFW and Prisma Access are not vulnerable.
💻 Affected Systems
- Palo Alto Networks PAN-OS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sustained attacks cause repeated reboots and maintenance mode, resulting in extended firewall downtime and complete loss of network security protection.
Likely Case
Intermittent firewall reboots causing network outages, security policy enforcement gaps, and potential bypass of security controls during reboot cycles.
If Mitigated
Limited to brief service interruptions if quick detection and response mechanisms are in place, with minimal data loss due to firewall state preservation.
🎯 Exploit Status
Unauthenticated exploitation via crafted packets sent to the ADNS service. No authentication or special privileges are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PAN-OS 10.2.12, 11.0.8, or 11.1.4
Vendor Advisory: https://security.paloaltonetworks.com/CVE-2026-0229
Restart Required: Yes
Instructions:
1. Download the appropriate PAN-OS hotfix from the Palo Alto support portal.
2. Upload it to the firewall via WebUI or CLI.
3. Install the hotfix following vendor documentation.
4. Reboot the firewall to complete installation.
🔧 Temporary Workarounds
Disable Advanced DNS Security
PAN-OS: Temporarily disable the ADNS feature to prevent exploitation while awaiting patch deployment.
configure
set deviceconfig setting dns-setting advanced-dns-security enabled no
commit
🧯 If You Can't Patch
- Implement strict network ACLs to limit access to firewall management interfaces from trusted sources only.
- Deploy network-based IPS signatures to detect and block malicious ADNS packets targeting this vulnerability.
🔍 How to Verify
Check if Vulnerable:
Check PAN-OS version and ADNS status:
show system info | match version
show deviceconfig setting dns-setting | match advanced-dns-security
Check Version:
show system info | match version
Verify Fix Applied:
Verify PAN-OS version is 10.2.12, 11.0.8, or 11.1.4 or later: show system info | match version
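An added example, not part of the original page or any vendor tooling: a Python check that applies the fixed releases listed above to the `sw-version` line of `show system info` output. The sample outputs are constructed, ADNS status is passed in as a boolean (an assumption, since the page does not show that command's output), and release trains the page does not list are reported as unknown rather than guessed.

```python
import re

# Fixed maintenance release per train (major, minor), as listed on this page.
FIXED = {(10, 2): 12, (11, 0): 8, (11, 1): 4}

_SW_VERSION = re.compile(r"sw-version:\s*(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")


def parse_sw_version(show_system_info: str):
    """Return (major, minor, maint, hotfix) from 'show system info' output."""
    m = _SW_VERSION.search(show_system_info)
    if not m:
        raise ValueError("no sw-version line found")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def assess(show_system_info: str, adns_enabled: bool) -> str:
    """Classify a firewall as patched, exposed, not-exposed or unknown-train."""
    major, minor, maint, _hotfix = parse_sw_version(show_system_info)
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # Train not listed on the page: do not guess, consult the advisory.
        return "unknown-train"
    if maint >= fixed_maint:
        return "patched"
    # Hotfix builds below the fixed maintenance release are not listed on the
    # page, so they are treated as unpatched. Only ADNS-enabled devices are
    # affected.
    return "exposed" if adns_enabled else "not-exposed"


if __name__ == "__main__":
    # Constructed sample outputs; adns_enabled is supplied by the operator.
    samples = [
        ("hostname: fw-edge-1\nsw-version: 11.1.3-h2\n", True),
        ("hostname: fw-edge-2\nsw-version: 10.2.12-h1\n", True),
        ("hostname: fw-lab-1\nsw-version: 11.0.7\n", False),
        ("hostname: fw-lab-2\nsw-version: 11.2.1\n", True),
    ]
    for output, adns in samples:
        print(parse_sw_version(output), adns, "->", assess(output, adns))
```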
📡 Detection & Monitoring
Log Indicators:
- Unexpected firewall reboots in system logs
- ADNS service crash events
- Maintenance mode activation logs
Network Indicators:
- Unusual DNS traffic patterns to firewall management interfaces
- Multiple connection attempts to ADNS service port
SIEM Query:
source="pan-firewall" ((event_type="system" AND message="reboot") OR (event_type="dns" AND status="error"))