Platform
paloalto
Component
terminal-server-agent
Fixed in
11.2.8
11.1.11
10.2.17
10.2.10-h28
CVE-2026-0228 describes an improper certificate validation vulnerability within the Palo Alto Networks PAN-OS operating system, specifically impacting Terminal Server Agents. This flaw allows unauthorized connections from Windows Terminal Server Agents using expired certificates, potentially circumventing intended security policies. The vulnerability affects all versions of PAN-OS prior to 11.2.8, and a fix is available in version 11.2.8.
The primary impact of CVE-2026-0228 is the potential for unauthorized access to the PAN-OS system through Terminal Server Agents. An attacker could leverage an expired certificate to establish a connection, effectively bypassing certificate-based authentication and potentially gaining access to sensitive data or internal network resources. This could lead to data breaches, system compromise, and lateral movement within the network. While the vulnerability doesn't directly grant remote code execution, it weakens the authentication posture and creates an avenue for further exploitation.
CVE-2026-0228 was publicly disclosed on 2026-02-11. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of the vulnerability and the potential for certificate manipulation, it is prudent to assume that exploitation is possible and to apply the recommended mitigation.
Organizations heavily reliant on Terminal Server Agents for remote access and management are at increased risk. Environments with legacy Windows systems or those that have not enforced strict certificate management practices are particularly vulnerable. Shared hosting environments where multiple users share the same Terminal Server Agent infrastructure could also be affected.
• paloalto / windows: Use Windows Event Viewer to monitor for successful connections from Terminal Server Agents with certificates nearing or past their expiration date. Filter for events related to certificate validation failures followed by successful connections.
Get-WinEvent -LogName Security -FilterXPath '*[System[EventID=5141]]'
• paloalto / linux: Examine Palo Alto Networks firewall logs for connections from Terminal Server Agents using certificates with expiration dates outside of the acceptable range. Use journalctl to filter for relevant log entries.
journalctl -u panfsd | grep "certificate expired"
• paloalto / generic web: Check Palo Alto Networks firewall configuration for certificate validation policies. Ensure that policies are configured to reject expired certificates and that alerts are generated for any attempts to bypass these policies.
disclosure
Exploit status
EPSS
0.01% (1st percentile)
CISA SSVC
The primary mitigation for CVE-2026-0228 is to upgrade Palo Alto Networks PAN-OS to version 11.2.8 or later. Prior to upgrading, it's crucial to review the release notes for any potential compatibility issues or breaking changes. If an immediate upgrade is not feasible, consider implementing stricter certificate validation policies within PAN-OS to limit the acceptance of expired certificates. While not a complete fix, this can reduce the attack surface. Monitor system logs for any unusual connections from Terminal Server Agents, particularly those using certificates with unexpected expiration dates.
Upgrade PAN-OS to version 11.2.8 or later, or to versions 10.2.17, 10.2.10-h28 or 11.1.11, to fix the improper certificate validation. This will prevent Terminal Server Agents from connecting using expired certificates. See the Palo Alto Networks advisory for more details on the upgrade.
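To triage a firewall inventory against the fixed releases listed on this page (11.2.8, 11.1.11, 10.2.17, 10.2.10-h28), the following added example, which is not Palo Alto Networks code, compares PAN-OS version strings including the -hNN hotfix suffix. The host names and the inventory are constructed, and the function names are hypothetical.

```python
import re

# Fixed releases as listed on this page: (major, minor, maintenance, hotfix).
FIXED = [(11, 2, 8, 0), (11, 1, 11, 0), (10, 2, 17, 0), (10, 2, 10, 28)]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """'10.2.10-h28' -> (10, 2, 10, 28); hotfix is 0 when absent."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def status(version):
    """Return 'fixed' or 'affected' for one PAN-OS version string."""
    v = parse(version)
    branch = [f for f in FIXED if f[:2] == v[:2]]
    if not branch:
        # Assumption: with no per-branch fix listed, apply the page's
        # "prior to 11.2.8" statement to the whole version.
        return "fixed" if v >= (11, 2, 8, 0) else "affected"
    for f in branch:
        if f[3] == 0 and v[:3] >= f[:3]:
            return "fixed"  # at or above the branch's fixed maintenance release
        if f[3] and v[:3] == f[:3] and v[3] >= f[3]:
            return "fixed"  # same maintenance release, hotfix at or above the fix
    return "affected"


def triage(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names are placeholders).
SAMPLE = {
    "fw-edge-01": "10.2.10-h27",
    "fw-edge-02": "10.2.10-h28",
    "fw-core-01": "11.1.10-h5",
    "fw-core-02": "11.2.8",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {result}")
```

A release between two listed fixes on the same branch, such as 10.2.12, is reported as affected because the page does not list a fix for it; confirm such cases against the vendor advisory.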
CVE-2026-0228 is a vulnerability in Palo Alto Networks PAN-OS that allows connections from Windows Terminal Server Agents using expired certificates, bypassing normal security controls.
If you are running PAN-OS versions prior to 11.2.8 and utilize Terminal Server Agents, you are potentially affected by this vulnerability.
Upgrade your Palo Alto Networks PAN-OS to version 11.2.8 or later to resolve this vulnerability. Review release notes before upgrading.
As of the public disclosure date, there are no confirmed reports of active exploitation, but the potential for exploitation exists.
Refer to the Palo Alto Networks Security Advisories page for the official advisory regarding CVE-2026-0228.