Palo Alto Networks develops patches for exploited PAN-OS zero-day
13 articles · Updated · SecurityWeek · May 6
The company said limited attacks hit PA and VM firewalls using the User-ID Authentication Portal, with first fixes due on 13 May and further patches expected by 28 May.
Tracked as CVE-2026-0300, the buffer overflow lets unauthenticated attackers send crafted packets to gain root privileges when the portal is exposed to untrusted or public internet addresses.
Palo Alto said Prisma Access, Cloud NGFW and Panorama are unaffected, and that restricting portal access to trusted internal IPs reduces risk. The flaw awaits possible addition to CISA's KEV list.
How might attackers evolve their tactics given the widespread attention and rapid mitigations for this PAN-OS vulnerability?
With over 5,800 firewalls exposed online, how can organizations quickly assess if their systems are vulnerable to CVE-2026-0300 before the patch arrives?
Why do critical firewall portals remain publicly accessible despite repeated high-profile exploits, and what systemic changes could finally stop this?