CVE-2026-0228

Summary

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS12.1.0 < 11.2.8unaffected
Palo Alto NetworksPAN-OS11.2.0 < 11.2.8affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.11affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.17affected
Palo Alto NetworksPrisma Access10.2.0 < 10.2.10-h28affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

Workarounds

No known workarounds exist for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References