Critical Palo Alto Networks Vulnerability Exploited in the Wild (CVE-2026-0300)
Palo Alto Networks has disclosed a critical buffer overflow vulnerability in its PAN-OS software, identified as CVE-2026-0300, which is being actively exploited. The flaw, rated 9.3 (CRITICAL) under CVSS 4.0, enables unauthenticated attackers to execute arbitrary code with root privileges on affected PA-Series and VM-Series firewalls without requiring credentials, user interaction, or special conditions.
The vulnerability resides in the User-ID Authentication Portal (Captive Portal) service of PAN-OS and affects multiple versions across Palo Alto’s firewall platforms. Successful exploitation grants attackers full control over compromised systems, underscoring the risks of unpatched critical infrastructure.
Palo Alto Networks has not disclosed specific details about the ongoing attacks, but the severity of the flaw highlights the urgency of applying available patches or mitigations. Organizations relying on affected firewalls are advised to prioritize updates to prevent potential breaches.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7457625340316901376
Palo Alto Networks TPRM report: https://www.rankiteo.com/company/palo-alto-networks
{
  "id": "pal1778041428",
  "linkid": "palo-alto-networks",
  "type": "Vulnerability",
  "date": "5/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}