Critical Exploited Flaws Hit Palo Alto Adobe and Fortinet
Palo Alto Networks, Adobe, and Fortinet have all released critical patches for vulnerabilities currently under active exploitation by threat actors.
Palo Alto Networks has confirmed active exploitation of a critical buffer overflow vulnerability in the User-ID Authentication Portal of its PAN-OS software, tracked as CVE-2026-0300. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges on affected PA-Series firewalls. As Unit 42 reported, the vulnerability is being leveraged in campaigns exhibiting hallmarks of state-sponsored espionage. Given the severity and active exploitation, CISA has officially added this to its Known Exploited Vulnerabilities catalog, as noted in their alert. Organizations must prioritize patching or applying vendor-recommended mitigations immediately to prevent full system compromise.
Adobe has addressed a critical improper input validation vulnerability in Adobe Commerce, identified as CVE-2025-54236. The flaw affects a wide range of versions, including 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, and all earlier releases. Successful exploitation allows an attacker to achieve session takeover, potentially leading to unauthorized access to sensitive administrative functions. Because this vulnerability is currently listed as a Known Exploited Vulnerability, security teams should treat it with the highest urgency. Patching to the latest version is the only reliable way to mitigate the risk of session hijacking and subsequent data exposure.
Fortinet has disclosed a critical authentication bypass vulnerability, CVE-2026-24858, affecting multiple versions of FortiAnalyzer. The flaw, categorized as an Authentication Bypass Using an Alternate Path or Channel, impacts FortiAnalyzer versions 7.6.0 through 7.6.5, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.16. By exploiting this path, an attacker can circumvent authentication mechanisms, potentially gaining unauthorized control over the appliance. This vulnerability has been added to the Known Exploited Vulnerabilities catalog, signaling that it is actively targeted in the wild. Administrators are urged to apply the provided security updates immediately to secure their logging and analytics infrastructure.