Description

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

PUBLISHED Reserved 2025-11-03 | Published 2026-02-11 | Updated 2026-02-11 | Assigner palo_alto




LOW: 1.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

12.1.0 (custom) before 11.2.8
unaffected

11.2.0 (custom) before 11.2.8
affected

11.1.0 (custom) before 11.1.11
affected

10.2.0 (custom) before 10.2.17
affected

Default status
unaffected

10.2.0 (custom) before 10.2.10-h28
affected

Timeline

2026-02-11: Initial Publication

Credits

Paolo Nero of Wellcomm Engineering (finder)

References

security.paloaltonetworks.com/CVE-2026-0228 (vendor-advisory)

cve.org (CVE-2026-0228)

nvd.nist.gov (CVE-2026-0228)
