Medium5.3Palo Alto Networks
PAN-OS: improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows…
CVE-2026-0228 Published Feb 11, 2026Updated by vendor Jun 17, 2026
CVE-2026-0228
Affected products & platforms
Palo Alto NetworksPAN-OSFirewall
Summary
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Affected versions
- PAN-OS < 11.2.8
- PAN-OS < 11.1.11
- PAN-OS < 10.2.17
- Prisma Access < 10.2.10-h28
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Fixed versions
- PAN-OS >= 11.2.8
- PAN-OS >= 11.1.11
- PAN-OS >= 10.2.17
- Prisma Access >= 11.2.7-h10
- Prisma Access >= 10.2.10-h28
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- VersionMinor VersionSuggested SolutionCloud NGFWNo action needed.PAN-OS 12.1No action needed.
- PAN-OS 11.2 11.2.0 through 11.2.7 Upgrade to 11.2.8 or later.
- PAN-OS 11.1 11.1.0 through 11.1.10 Upgrade to 11.1.11 or later.
- PAN-OS 10.2 10.2.0 through 10.2.16 Upgrade to 10.2.17 or later.
Temporary workarounds
- No known workarounds exist for this issue.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.