A critical vulnerability in Palo Alto Networks' PAN-OS software, identified as CVE-2026-0300, is being actively exploited to achieve unauthenticated remote code execution. The flaw is a buffer overflow in the User-ID Authentication Portal service, and it is particularly problematic when the User-ID portal is exposed to the internet, where it allows attackers to execute arbitrary code without authentication. With a CVSS score of 9.3, this vulnerability poses a significant threat to affected systems. Palo Alto Networks has warned of the flaw, and the fix is likely to be a high-priority patch for many organizations.

Because CVE-2026-0300 is under active attack, practitioners should take immediate action to patch or mitigate the vulnerability. The exploitation status of a vulnerability determines the urgency of the response, and this one has significant implications for network security, so practitioners should prioritize patching to prevent potential breaches.