Summary

Palo Alto Networks reports an actively exploited critical buffer overflow vulnerability (CVE-2026-0300) in PAN-OS that allows unauthenticated remote code execution with root privileges.

Take Action:

If you have Palo Alto firewalls, this is urgent! Make sure the User-ID Authentication Portal (Captive Portal) is not exposed to the internet and is only accessible from trusted internal networks - disable it entirely if you don't need it. Then apply the patches as soon as they are released (starting May 13, 2026). If you have a Threat Prevention subscription on PAN-OS 11.1 or later, enable Threat ID 510019 to block known attack patterns.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines