PAN-OS CVE-2026-0300 RCE flaw under active exploitation [developing]
Key Questions
What is CVE-2026-0300?
CVE-2026-0300 is a remote code execution vulnerability in the PAN-OS User-ID portal, caused by a buffer overflow that allows unauthenticated root access via crafted packets. It affects Palo Alto Networks PA and VM firewall series. The vulnerability has a CVSS score of 9.3 if the User-ID portal is publicly exposed.
Is CVE-2026-0300 being actively exploited?
Yes, this zero-day vulnerability is under active exploitation in the wild to hack firewalls. Palo Alto Networks is developing patches, expected around May 13 or 28. It poses operational risks to affected systems and potential stock volatility for customers and investors.
What mitigations are available for CVE-2026-0300?
Users should disable or restrict access to the User-ID portal to mitigate risks until patches are applied. Palo Alto Networks is working on software updates for the core firewall product. Monitor official advisories for patch release details.
CVE-2026-0300 remote code execution vulnerability in PAN-OS User-ID portal actively exploited in the wild on PA/VM firewall series (buffer overflow/unauth root via crafted packets), CVSS 9.3 if publicly exposed; impacts core firewall product; patches ~May13/28, mitigations disable/restrict access; potential operational risk and stock volatility for customers/investors.