securityonline.info 2/12/2026, 4:01:07 AM · via preferred

Unauthenticated Attacker Can Trap Palo Alto Firewalls in Maintenance Mode Loop (CVE-2026-0229)

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

Palo Alto Networks has issued a vulnerability notice for a denial-of-service flaw in PAN-OS, tracked as CVE-2026-0229, that could allow an unauthenticated attacker to force firewalls into a reboot loop and, ultimately, maintenance mode. The issue stems from how the Advanced DNS Security (ADNS) feature processes certain network packets: a maliciously crafted packet can trigger it, potentially crashing the system without any login.

Repeated reboots make the impact more serious: the firewall enters maintenance mode and stops processing traffic. Exploitation requires a specific configuration: ADNS must be enabled and a spyware profile configured with actions set to “block, sinkhole, or alert.” Cloud NGFW and Prisma Access are not impacted. Patches are available: PAN-OS 12.1 should be upgraded to 12.1.4 or later (affected: < 12.1.4), and PAN-OS 11.2 should be upgraded to 11.2.10 or later (affected: < 11.2.10). According to Palo Alto Networks, the advisory details the mechanism of the DoS vulnerability affecting its PAN-OS software.
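The version ranges and configuration preconditions above can be turned into a fleet triage check. The following is an added example, not code from the article or from Palo Alto Networks: the inventory schema (`product`, `version`, `adns_enabled`, `spyware_actions`) and the device records are hypothetical, and a hotfix build such as `11.2.7-h3` is judged by its base release only, which is an assumption because the article lists no fixed hotfix builds.

```python
import re

# Fixed releases as stated in the article; other release trains are not listed there.
FIXED = {(12, 1): (12, 1, 4), (11, 2): (11, 2, 10)}
NOT_IMPACTED = {"Cloud NGFW", "Prisma Access"}
TRIGGER_ACTIONS = {"block", "sinkhole", "alert"}

def parse_version(text):
    """Return (major, minor, maintenance) from strings like '11.2.7' or '11.2.7-h3'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    # Integer tuples compare numerically, so 11.2.9 sorts before 11.2.10 (strings would not).
    return tuple(int(part) for part in m.groups())

def triage(device):
    """Classify one inventory record (hypothetical schema) against the article's conditions."""
    if device["product"] in NOT_IMPACTED:
        return "not impacted"
    version = parse_version(device["version"])
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown: release train not listed in article"
    if version >= fixed:
        return "patched"
    target = ".".join(map(str, fixed))
    # Both preconditions from the article must hold for the flaw to be reachable.
    reachable = device["adns_enabled"] and bool(TRIGGER_ACTIONS & set(device["spyware_actions"]))
    if reachable:
        return f"exposed: upgrade to {target} or later"
    return f"affected version, preconditions not met: upgrade to {target} or later"

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "fw-edge-1", "product": "PAN-OS", "version": "11.2.7-h3", "adns_enabled": True, "spyware_actions": ["sinkhole"]},
    {"name": "fw-dc-1", "product": "PAN-OS", "version": "12.1.4", "adns_enabled": True, "spyware_actions": ["block"]},
    {"name": "fw-lab-1", "product": "PAN-OS", "version": "12.1.2", "adns_enabled": False, "spyware_actions": []},
    {"name": "fw-old-1", "product": "PAN-OS", "version": "11.1.6", "adns_enabled": True, "spyware_actions": ["alert"]},
    {"name": "cngfw-1", "product": "Cloud NGFW", "version": "11.2.3", "adns_enabled": True, "spyware_actions": ["alert"]},
]

def report(inventory):
    """Map each device name to its triage result."""
    return {device["name"]: triage(device) for device in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as unknown are on release trains the article does not mention, so their status has to be confirmed against the vendor advisory.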


Article by CyberSIXT