What is CVE-2022-0028 in Palo Alto firewalls?

It's a PAN-OS bug letting unauth hackers turn misconfigured firewalls into DDoS reflectors via URL filtering profiles.

Do I need to patch my Palo Alto firewall for CVE-2022-0028?

Yes, if running vulnerable PAN-OS versions before the listed hotfixes — especially with external-facing URL blocks. Check advisory.

What happens if attackers exploit this Palo Alto bug?

Your firewall amplifies TCP DoS traffic against any target, potentially blackholing you while costing victims (and you) big in downtime.

🛡️ Security Tools

Palo Alto's Firewall Glitch Hits CISA's 'Fix Now' List After Real-World Attacks

CISA's Known Exploited Vulnerabilities catalog just grew by one: a Palo Alto firewall bug that's already drawing fire from attackers. Patch by September 9, or risk becoming the next DDoS reflector.

Threat Digest Apr 03, 2026 4 min read 26 views

CISA warning alert for Palo Alto Networks PAN-OS firewall vulnerability CVE-2022-0028

⚡ Key Takeaways

CISA added CVE-2022-0028 to KEV catalog after confirmed exploits; federal patch deadline is Sept 9. 𝕏
Bug turns misconfigured PAN-OS firewalls into DDoS amplifiers — no auth needed. 𝕏
Vendors like Palo Alto downplay scope, but history shows 'niche' flaws enable massive attacks. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CISA KEV #CVE-2022-0028 #DDoS amplification #PAN-OS #Palo Alto Networks #Reflected DoS

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Threatpost

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

14,000 F5 BIG-IP Doors Wide Open to RCE Nightmares

Google's Vertex AI Lets AI Agents Roam Free – Palo Alto's Wake-Up Call

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Chrome's Fifth Zero-Day Patch: Google Races Against Relentless Exploits

Stay in the loop