246/69 Wednesday, May 6, 2026

Palo Alto Networks has confirmed the discovery of a critical zero-day vulnerability, tracked as CVE-2026-0300, affecting PAN-OS. The flaw is a buffer overflow in the User-ID Authentication Portal (Captive Portal) service and impacts PA-Series and VM-Series firewalls with the feature enabled. It could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on affected systems by sending specially crafted packets.
Palo Alto Networks stated that the vulnerability has already been exploited in limited real-world attacks targeting publicly exposed User-ID Authentication Portals or systems accessible from untrusted IP addresses. The nature of the attacks highlights a significant risk for organizations that expose these services to the internet. At this time, the company has not disclosed further details regarding affected organizations or the specific attack techniques used.
Palo Alto Networks plans to release the first round of security patches on May 13, 2026, followed by a second round on May 28, 2026. Until patches become available, administrators are strongly advised to restrict access to the User-ID Authentication Portal to internal or trusted IP addresses only, in order to reduce the risk of exploitation. Organizations should also closely monitor firewall systems for any suspicious or abnormal activity that could indicate attempted compromise.
Source: https://www.securityweek.com/palo-alto-networks-to-patch-zero-day-exploited-to-hack-firewalls/
