CVE-2026-0227 (CVSS 7.7, High): DoS in GlobalProtect Gateway/Portal (improper exception handling). Unauthenticated remote attackers could crash firewalls or force maintenance mode (PoC public). Announced/published January 14, 2026 (advisory updated February 9, 2026). Patches released concurrently in fixed PAN-OS versions (e.g., 12.1.3-h3 / 12.1.4, 11.2.4-h15, etc.; Prisma Access cloud mostly pre-patched). Vulnerability window post-announcement: 0 days…