A critical zero-day vulnerability, designated as CVE-2026-0300, is being actively exploited in the wild, targeting the authentication portal of Palo Alto Networks' PAN-OS, which powers the company's PA-Series and VM-Series firewalls. This memory corruption flaw enables unauthenticated attackers to execute code with root privileges, posing a significant threat to affected systems. The vulnerability's exploitation allows malicious actors to gain unauthorized access and control, underscoring the need for immediate attention from security teams. Palo Alto Networks has issued an advisory, but details regarding the discovery and initial exploitation timeline remain undisclosed1. The active exploitation of this vulnerability necessitates prompt action from practitioners, as the situation may escalate rapidly, making it essential to prioritize patching or monitoring affected systems to mitigate potential damage.
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
⚠️ Critical Alert
Why This Matters
CVE-2026-0300 is in active discussion involving Palo Alto — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, May 6). A critical Palo Alto PAN-OS zero-day is being exploited in the wild. CyberScoop. https://cyberscoop.com/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited/
Original Source
CyberScoop
Read original →