Vulnerability Management, Patch/Configuration Management

Palo Alto Networks warns of critical PAN-OS vulnerability exploited in the wild

Coverage from The Hacker News indicates that Palo Alto Networks has issued a warning regarding a critical buffer overflow vulnerability in its PAN-OS software that is actively being exploited. The flaw, identified as CVE-2026-0300, allows for unauthenticated remote code execution.

The vulnerability, which has a CVSS score of 9.3 when the User-ID Authentication Portal is exposed to untrusted networks, enables unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Palo Alto Networks stated that the vulnerability has seen limited exploitation, primarily targeting instances where the User-ID Authentication Portal is publicly accessible.

Affected PAN-OS versions include specific releases within 12.1, 11.2, 11.1, and 10.2. Patches are not yet available, with fixes planned for release starting May 13, 2026. To mitigate the risk, the company advises customers to restrict access to the User-ID Authentication Portal to trusted zones, or to disable it entirely if it is not needed.

Source: The Hacker News
