State-sponsored attackers are actively exploiting a zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2026-0300, to gain unauthorized root access without login credentials [1]. The high-severity flaw, with a CVSS rating of 9.3, affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls and stems from a memory corruption bug in the User-ID Authentication Portal. Successful exploitation enables remote execution of arbitrary code on exposed devices, posing a significant threat to network security. The vulnerability is currently being discussed by Palo Alto, and its exploitation status will determine whether immediate patching or continued monitoring is necessary. For security practitioners, it highlights the need for prompt patch management and vigilance against state-backed cyber threats.
State-backed hackers hammer Palo Alto firewall zero-day before patch lands
⚠️ Critical Alert
Why This Matters
CVE-2026-0300 is in active discussion involving Palo Alto — exploitation status determines whether this is patch-now or monitor.
References
- The Register. (2026, May 7). State-backed hackers hammer Palo Alto firewall zero-day before patch lands. *The Register*. https://www.theregister.com/cyber-crime/2026/05/07/state-backed-hackers-hammer-palo-alto-firewall-zero-day-before-patch-lands/5234737
Original Source
The Register