Exploitation of Critical Security Vulnerability in Palo Alto Networks Firewalls
Palo Alto Networks has recently disclosed a critical buffer overflow vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0300. This vulnerability is currently being actively exploited by attackers. The company confirmed the security breach on May 6, 2026, warning that limited exploitation has been observed targeting exposed instances.
The vulnerability primarily affects the User-ID Authentication Portal service. It allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. This flaw carries a CVSS severity score of 9.3 and has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s list of known exploited vulnerabilities.
Palo Alto Networks has assured that customers following standard security best practices, such as restricting sensitive portals to trusted internal networks, are at greatly reduced risk. The company is working diligently to release software fixes, with the first updates expected to be available on May 13, 2026. Until patches are available, the company strongly recommends that customers secure the User-ID Authentication Portal by restricting access to trusted zones only or disabling the portal if not required. Security researchers believe the attacks are likely the work of state-sponsored threat actors.
Source: Help Net Security