Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical MacSync Stealer Delivered via Google Ads and Claude AI Chats
July 15, 2026
GPT-5.6 Sol Ultra AI Creates Full Chrome Exploit Chain from Patches
July 15, 2026
Critical Cursor RCE: CVE-2024-XXXXX lets Git repos auto-execute code
July 15, 2026
Home/CyberSecurity News/CISA Warns of Critical Palo Alto PAN-OS Vulnerability Exploited for Root Access
CyberSecurity News

CISA Warns of Critical Palo Alto PAN-OS Vulnerability Exploited for Root Access

Key Takeaways A critical out-of-bounds write vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS has been identified. The flaw allows unauthenticated attackers to achieve root access and...

Marcus Rodriguez
Marcus Rodriguez
May 7, 2026 3 Min Read
53 0

Key Takeaways

  • A critical out-of-bounds write vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS has been identified.
  • The flaw allows unauthenticated attackers to achieve root access and arbitrary code execution on vulnerable firewall appliances.
  • CISA has added this CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.
  • Both physical PA-Series and virtual VM-Series firewalls running specific PAN-OS versions are affected.
  • Temporary mitigations are available, with a permanent patch from Palo Alto Networks pending release.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning a critical security vulnerability within Palo Alto Networks’ PAN-OS software, which powers its firewall appliances. This flaw, designated as CVE-2026-0300, has been observed under active exploitation by malicious actors, prompting its immediate inclusion in CISA’s Known Exploited Vulnerabilities catalog on May 6, 2026.

Table Of Content

  • Key Takeaways
  • Understanding the Vulnerability
  • Active Exploitation and Threat Landscape
  • What You Should Do

Understanding the Vulnerability

At its core, CVE-2026-0300 is an out-of-bounds write vulnerability impacting the PAN-OS User-ID Authentication Portal, often referred to as the Captive Portal service. This memory corruption issue, classified as CWE-787, arises when the software attempts to write data beyond the allocated boundaries of a memory buffer. Threat actors can trigger this flaw by transmitting specially crafted network packets to the vulnerable Captive Portal service.

A successful exploit grants the attacker the ability to execute arbitrary code with root-level privileges on the affected device. Such extensive access completely compromises the security appliance, allowing attackers to bypass existing security policies, intercept sensitive network traffic, modify configuration files, or leverage the compromised firewall as a launchpad for deeper incursions into internal networks.

The vulnerability specifically affects both physical PA-Series and virtual VM-Series firewalls operating vulnerable versions of PAN-OS.

Active Exploitation and Threat Landscape

CISA’s decision to add this flaw to its catalog of actively exploited vulnerabilities confirms that threat actors are actively leveraging it in real-world attacks. While it remains unclear whether these exploits are currently linked to ransomware campaigns, the capability for unauthenticated root access presents an extremely high risk.

Network edge devices, such as Palo Alto firewalls, are prime targets for advanced persistent threats due to their strategic position outside traditional internal security perimeters. They serve as a direct gateway into corporate environments, making their compromise particularly severe.

Federal Civilian Executive Branch (FCEB) agencies are under a strict mandate, Binding Operational Directive (BOD) 22-01, to address this specific threat by May 9, 2026. As an official permanent patch from Palo Alto Networks is still forthcoming, organizations must implement immediate temporary workarounds to safeguard their systems.

What You Should Do

  • Restrict Access: Immediately limit network access to the User-ID Authentication Portal. Ensure it is accessible only from strictly trusted internal network zones and completely inaccessible from the public internet.
  • Monitor Vendor Communications: Maintain heightened vigilance and closely monitor official communications from Palo Alto Networks for the release of a permanent firmware update.
  • Prepare for Patching: Be ready to deploy the official firmware update as soon as it becomes publicly available to fully mitigate this critical vulnerability.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchransomwareSecurityThreatVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Fake Claude AI Installers Deliver Malware, Not Anthropic’s Chatbot

Next Post

Cisco ASA, FTD Software Critical DoS Vulnerability CVE-2024-20353

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Dell PowerProtect flaws let attackers gain full system access
July 15, 2026
Microsoft Confirms Dell Laptop Overheating, Shutdowns After July Windows Update
July 15, 2026
FaceTime Call Impersonation Fraud Hijacks Bank Accounts
July 15, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us