Memory Corruption DoS in Palo Alto Networks PAN-OS Tunnel Traffic Processing

Successful exploitation causes a denial-of-service condition against the affected firewall. An authenticated attacker can repeatedly trigger system reboots, disrupting traffic processing and firewall availability. Continued exploitation can force the firewall into maintenance mode, resulting in sustained service interruption and loss of normal security enforcement until the device is recovered.

Where immediate patching is not possible, reduce exposure by limiting access to the affected tunnel-facing functionality to trusted users and networks where operationally feasible. Because the vulnerability requires an authenticated user and affects devices configured with IPsec tunnels or GlobalProtect gateways, review and minimize accounts and access paths that can interact with those services. The provided content also recommends restricting management access to trusted internal IP addresses, limiting CLI access to a small group of administrators, and using a hardened jump box for firewall management access, although those measures are broader hardening guidance and not a direct fix for this tunnel-traffic flaw.

Upgrade PAN-OS to a fixed release. The provided content lists the following fixed versions for CVE-2026-0269: PAN-OS 12.1.4-h5 and 12.1.5; 11.2.4-h17, 11.2.7-h4, and 11.2.10; 11.1.4-h33, 11.1.6-h21, 11.1.10-h7, and 11.1.12; and 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h6, and 10.2.18. Organizations on unsupported PAN-OS branches should upgrade to a supported fixed release.