Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Palo Alto Networks PAN-OS flaw exploited for remote code execution

Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild. The flaw is a buffer overflow that allows unauthenticated remote code execution, […]

Palo Alto Networks Palo Alto Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS FlawGlobalProtect CVE-2026-0257

Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution.

Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild. The flaw is a buffer overflow that allows unauthenticated remote code execution, especially when the User-ID portal is exposed to the internet.

“A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.” reads the advisory published by Palo Alto Networks. “The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses.”

Below is the list of impacted products:

VersionsAffectedUnaffected
Cloud NGFWNoneAll
PAN-OS 12.1< 12.1.4-h5
< 12.1.7
>= 12.1.4-h5 (ETA: 05/13)
>= 12.1.7 (ETA: 05/28)
PAN-OS 11.2< 11.2.4-h17
< 11.2.7-h13
< 11.2.10-h6
< 11.2.12
>= 11.2.4-h17 (ETA: 05/28)
>= 11.2.7-h13 (ETA: 05/13)
>= 11.2.10-h6 (ETA: 05/13)
>= 11.2.12 (ETA: 05/28)
PAN-OS 11.1< 11.1.4-h33
< 11.1.6-h32
< 11.1.7-h6
< 11.1.10-h25
< 11.1.13-h5
< 11.1.15
>= 11.1.4-h33 (ETA: 05/13)
>= 11.1.6-h32 (ETA: 05/13)
>= 11.1.7-h6 (ETA: 05/28)
>= 11.1.10-h25 (ETA: 05/13)
>= 11.1.13-h5 (ETA: 05/13)
>= 11.1.15 (ETA: 05/28)
PAN-OS 10.2< 10.2.7-h34
< 10.2.10-h36
< 10.2.13-h21
< 10.2.16-h7
< 10.2.18-h6
>= 10.2.7-h34 (ETA: 05/28)
>= 10.2.10-h36 (ETA: 05/13)
>= 10.2.13-h21 (ETA: 05/28)
>= 10.2.16-h7 (ETA: 05/28)
>= 10.2.18-h6 (ETA: 05/13)
Prisma AccessNoneAll

The cybersecurity vendor states that the issue doesn’t impact Prisma Access, Cloud NGFW and Panorama appliances.

Palo Alto Networks says the flaw is being exploited in a limited way, mainly against systems where the User-ID Authentication Portal is exposed to the public internet.

The flaw remains unpatched, with fixes expected from May 13, 2026. It affects PA-Series and VM-Series firewalls using the User-ID Authentication Portal. Palo Alto Networks notes risk is much lower for organizations that follow best practices, like limiting access to trusted internal networks only.

“Limited exploitation has been observed targeting Palo Alto Networks User-ID™ Authentication Portals that are exposed to untrusted IP addresses and/or the public internet.” concludes the advisory. “Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PAN-OS)