A critical zero-day vulnerability, identified as CVE-2026-0300, has been discovered in Palo Alto Networks' PAN-OS firewall system, specifically in the User-ID Authentication Portal. The flaw allows attackers to execute code with root privileges on exposed PA and VM series firewalls without requiring a login, giving them unfettered access to the system. Suspected state-sponsored hackers have been exploiting this vulnerability for nearly a month, targeting over 5,400 PAN-OS VM firewalls, according to estimates by Shadowserver. The vulnerability's active exploitation status underscores the need for immediate attention, as it can be used to gain unauthorized access to sensitive networks [1]. Because a compromised firewall can undermine the security of an entire network, practitioners should prioritize patching or monitoring their Palo Alto Networks firewalls to prevent potential breaches.
Palo Alto Networks firewall flaw has been exploited for several weeks
⚠️ Critical Alert
Why This Matters
CVE-2026-0300 is under active discussion and involves Palo Alto Networks; its exploitation status determines whether the response is patch-now or monitor.
References
- CSO Online. (2026, May 8). Palo Alto Networks firewall flaw has been exploited for several weeks. *CSO Online*. https://www.csoonline.com/article/4168343/critical-palo-alto-networks-software-bug-hits-exposed-firewalls.html