Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Key Points:
- Palo Alto Networks has issued an advisory about a critical buffer overflow vulnerability (CVE-2026-0300) in its PAN-OS software that allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls.
- The vulnerability is most severe (CVSS score 9.3) when the User-ID Authentication Portal is accessible from the internet or untrusted networks, but the risk decreases (score 8.7) if access is limited to trusted internal IP addresses.
- The vulnerability affects multiple PAN-OS release trains, including the 12.1, 11.2, 11.1, and 10.2 series; limited exploitation has been observed, primarily against User-ID Authentication Portals that are reachable from the internet.
- The vulnerability remains unpatched, with fixes scheduled for release starting May 13, 2026; meanwhile, users are advised to restrict portal access to trusted zones or disable the portal if not needed.
- Palo Alto Networks emphasizes that adherence to standard security best practices, such as restricting sensitive portals to internal networks, significantly reduces the risk of exploitation.