

Palo Alto Networks has disclosed multiple vulnerabilities affecting Prisma Browser and PAN-OS, including medium- to high-severity Chromium engine flaws and a denial-of-service condition in firewall software. The most significant issues impact Prisma Browser, where multiple Chromium vulnerabilities could allow remote code execution, memory corruption, type confusion, and user interface spoofing when a user visits crafted web content. These flaws stem from weaknesses in components such as V8, Blink, ANGLE, libvpx, and various browser security UI mechanisms.
Prisma Browser versions earlier than 144.27.7.133 are affected, with fixes delivered across several incremental builds. Palo Alto incorporated upstream Chromium security updates as part of its February 2026 release cycle.
Separately, CVE-2026-0229 affects the Advanced DNS Security (ADNS) feature in PAN-OS. This vulnerability allows an unauthenticated attacker to send specially crafted packets that trigger firewall reboots. Repeated exploitation attempts may force affected devices into maintenance mode, resulting in service disruption. Cloud NGFW and Prisma Access are not impacted by this issue.
A low-severity certificate validation flaw, CVE-2026-0228, affects PAN-OS deployments using Terminal Server Agents. It permits connections using expired certificates under specific conditions. No active exploitation has been reported for any of these vulnerabilities.
CVE
CVE-2026-0899; CVE-2026-0900; CVE-2026-0901; CVE-2026-0902; CVE-2026-0903; CVE-2026-0904; CVE-2026-0905; CVE-2026-0906; CVE-2026-0907; CVE-2026-0908; CVE-2026-1504; CVE-2026-1861; CVE-2026-1862; CVE-2026-0229; CVE-2026-0228
Targeting / Delivery Mechanism
Prisma Browser vulnerabilities require user interaction with malicious web content. The PAN-OS DoS flaw can be triggered remotely via crafted network packets targeting exposed firewall interfaces.
Execution Technique
Chromium engine flaws may enable remote code execution or UI spoofing through memory corruption and logic errors. The PAN-OS DoS issue abuses packet handling in ADNS to force system reboot conditions.
Persistence / Deployment
These vulnerabilities do not inherently provide persistence but may allow follow-on compromise if exploited successfully, particularly in browser-based attack chains.
Operational Impact
Risk is assessed as Medium overall, with higher impact potential in environments heavily reliant on Prisma Browser or PAN-OS firewall infrastructure. Successful exploitation of the browser vulnerabilities could result in arbitrary code execution within the context of the logged-in user, potentially leading to credential theft, malware installation, or lateral movement depending on endpoint controls. UI spoofing flaws may also facilitate phishing-style attacks by misleading users about security indicators.
The PAN-OS denial-of-service vulnerability presents availability risk. An unauthenticated attacker capable of reaching vulnerable firewall interfaces could repeatedly trigger reboots, causing service outages or forcing devices into maintenance mode. While this does not directly enable data compromise, disruption of perimeter defenses may create secondary exposure or operational downtime.
The certificate validation flaw carries limited severity but weakens trust enforcement where Terminal Server Agents are deployed. Although no active exploitation has been observed, organizations operating exposed management or firewall interfaces should prioritize patching to prevent opportunistic targeting.
Validate Integrity
Confirm Prisma Browser is updated to version 144.27.7.133 or later. Verify PAN-OS devices are running 12.1.4, 11.2.10, 11.2.8, 11.1.11, 10.2.17, or later as applicable.
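The version check above can be run across an inventory. The following Python sketch is an added example, not code from Palo Alto Networks or from the original advisory; the inventory, hostnames and status labels are constructed. It assumes a PAN-OS version without a `-hN` hotfix suffix counts as h0, and it flags versions that fall between the two listed 11.2 builds for manual review against the vendor advisory.

```python
import re

# Fixed builds exactly as listed on this page.
PRISMA_BROWSER_FIXED = (144, 27, 7, 133)
PANOS_FIXED = ["12.1.4", "11.2.10", "11.2.8", "11.1.11", "10.2.17"]

def parse_panos(version):
    """'11.2.8-h3' -> (11, 2, 8, 3). Assumption: no -hN suffix means h0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def panos_status(version):
    v = parse_panos(version)
    # Compare only against listed builds in the same major.minor train.
    train = [f for f in map(parse_panos, PANOS_FIXED) if f[:2] == v[:2]]
    if not train:
        return "train-not-listed"       # the page gives no fixed build for it
    if v >= max(train):
        return "at-or-above-listed-fix"
    if v >= min(train):
        return "between-listed-fixes"   # e.g. 11.2.9: confirm in the advisory
    return "below-listed-fix"

def prisma_browser_status(version):
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part version: {version!r}")
    return ("at-or-above-listed-fix" if parts >= PRISMA_BROWSER_FIXED
            else "below-listed-fix")

# Constructed sample inventory (hostnames and versions are invented).
INVENTORY = [
    ("fw-edge-01", "panos", "11.2.9"),
    ("fw-edge-02", "panos", "10.2.16-h4"),
    ("fw-core-01", "panos", "12.1.4"),
    ("laptop-017", "prisma-browser", "144.27.7.132"),
]

def audit(inventory):
    checks = {"panos": panos_status, "prisma-browser": prisma_browser_status}
    return [(host, ver, checks[kind](ver)) for host, kind, ver in inventory]

if __name__ == "__main__":
    for host, ver, status in audit(INVENTORY):
        print(f"{host:12} {ver:14} {status}")
```

A hotfix build on an older maintenance release is reported as below the listed fix, because this page lists no hotfix builds; check such versions against the vendor advisories in the references.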
Respond to Confirmed Compromise
Investigate unexpected firewall reboots, review logs for anomalous DNS Security activity, and assess endpoints for suspicious browser-driven activity if exploitation is suspected.
Strengthen Preventative Controls
Apply patches promptly after testing. Restrict external access to firewall management interfaces and ADNS services. Enforce least privilege on endpoints and limit browser-based exposure through secure web gateway controls.
References
https://security.paloaltonetworks.com/PAN-SA-2026-0002
https://security.paloaltonetworks.com/CVE-2026-0229
https://security.paloaltonetworks.com/CVE-2026-0228
https://nvd.nist.gov/vuln/detail/CVE-2026-0899




