Platform: paloalto
Component: terminal-server-agent
Fixed in: 11.2.8, 11.1.11, 10.2.17, 10.2.10-h28
CVE-2026-0228 describes an improper certificate validation vulnerability within the Palo Alto Networks PAN-OS operating system, specifically impacting Terminal Server Agents. This flaw allows unauthorized connections from Windows Terminal Server Agents using expired certificates, potentially circumventing intended security policies. The vulnerability affects all versions of PAN-OS prior to 11.2.8, and a fix is available in version 11.2.8.
The primary impact of CVE-2026-0228 is the potential for unauthorized access to the PAN-OS system through Terminal Server Agents. An attacker could leverage an expired certificate to establish a connection, effectively bypassing certificate-based authentication and potentially gaining access to sensitive data or internal network resources. This could lead to data breaches, system compromise, and lateral movement within the network. While the vulnerability doesn't directly grant remote code execution, it weakens the authentication posture and creates an avenue for further exploitation.
CVE-2026-0228 was publicly disclosed on 2026-02-11. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of the vulnerability and the potential for certificate manipulation, it is prudent to assume that exploitation is possible and to apply the recommended mitigation.
Exploit Status
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-0228 is to upgrade Palo Alto Networks PAN-OS to version 11.2.8 or later. Prior to upgrading, it's crucial to review the release notes for any potential compatibility issues or breaking changes. If an immediate upgrade is not feasible, consider implementing stricter certificate validation policies within PAN-OS to limit the acceptance of expired certificates. While not a complete fix, this can reduce the attack surface. Monitor system logs for any unusual connections from Terminal Server Agents, particularly those using certificates with unexpected expiration dates.
Upgrade PAN-OS to version 11.2.8 or later, or to versions 10.2.17, 10.2.10-h28 or 11.1.11, to fix the improper certificate validation. This prevents Terminal Server agents from connecting with expired certificates. See the Palo Alto Networks advisory for more details on the upgrade.
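To support the certificate review suggested above, the following added example (not code from the advisory or from Palo Alto Networks) audits Terminal Server Agent certificates for expiry. It assumes you have collected the output of `openssl x509 -noout -subject -dates` for each agent certificate into one text dump; the hostnames, dates and function names are constructed for illustration.

```python
import ssl

# Constructed sample: `openssl x509 -noout -subject -dates` output collected from
# each Terminal Server Agent certificate (hostnames and dates are made up).
SAMPLE_DUMP = """\
subject=CN = ts-agent-01.example.internal
notBefore=Jan 10 00:00:00 2024 GMT
notAfter=Jan  9 23:59:59 2025 GMT
subject=CN = ts-agent-02.example.internal
notBefore=Mar  1 00:00:00 2025 GMT
notAfter=Mar  1 00:00:00 2026 GMT
subject=CN = ts-agent-03.example.internal
notBefore=Jun  1 00:00:00 2025 GMT
notAfter=Jun  1 00:00:00 2027 GMT
"""

def parse_dump(text):
    """Yield (subject, not_before, not_after); times are epoch seconds (UTC)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # skip blank or unrelated lines
        record[key.strip()] = value.strip()
        if key.strip() == "notAfter":  # -dates prints notAfter last
            yield (record.get("subject", "<unknown>"),
                   ssl.cert_time_to_seconds(record["notBefore"]),
                   ssl.cert_time_to_seconds(record["notAfter"]))
            record = {}

def audit(text, now, warn_days=30):
    """Return (status, subject) per certificate, judged at `now` (epoch seconds)."""
    findings = []
    for subject, not_before, not_after in parse_dump(text):
        if now > not_after:
            status = "EXPIRED"  # should be rejected; renew or retire this cert
        elif now < not_before:
            status = "NOT_YET_VALID"
        elif not_after - now <= warn_days * 86400:
            status = "EXPIRING_SOON"
        else:
            status = "OK"
        findings.append((status, subject))
    return findings

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Feb 11 00:00:00 2026 GMT")  # sample audit date
    for status, subject in audit(SAMPLE_DUMP, now):
        print(f"{status:14} {subject}")
```

Any certificate reported as EXPIRED is one that a firewall still running an affected release could accept, so renew or remove it regardless of the upgrade schedule.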
CVE-2026-0228 is a vulnerability in Palo Alto Networks PAN-OS that allows connections from Windows Terminal Server Agents using expired certificates, bypassing normal security controls.
If you are running PAN-OS versions prior to 11.2.8 and utilize Terminal Server Agents, you are potentially affected by this vulnerability.
Upgrade your Palo Alto Networks PAN-OS to version 11.2.8 or later to resolve this vulnerability. Review release notes before upgrading.
As of the public disclosure date, there are no confirmed reports of active exploitation, but the potential for exploitation exists.
Refer to the Palo Alto Networks Security Advisories page for the official advisory regarding CVE-2026-0228.