-
Palo Alto Networks (PAN-OS / Prisma Access / GlobalProtect focus)
CVE-2026-0227 (CVSS 7.7, High): DoS in GlobalProtect Gateway/Portal (improper exception handling). Unauthenticated remote attackers could crash firewalls or force maintenance mode (PoC public). Announced/published January 14, 2026 (advisory updated February 9, 2026). Patches released concurrently in fixed PAN-OS versions (e.g., 12.1.3-h3 / 12.1.4, 11.2.4-h15, etc.; Prisma Access cloud mostly pre-patched). Vulnerability window post-announcement: 0 days…
-
Fortinet (FortiOS / FortiGate / FortiManager focus)
CVE-2026-24858 (Critical, auth bypass via FortiCloud SSO alternate path/channel; CWE-288): Attacker with any FortiCloud account could access other customers’ devices if SSO enabled (not default but common post-registration). Exploited in the wild pre-disclosure (malicious accounts locked Jan 22, 2026). Advisory published January 27, 2026. Fortinet mitigated on cloud side (disabled/re-enabled SSO without vulnerable device support…