What you need to know today.
Palo Alto Networks firewalls face a high-severity DoS flaw, while 389 Directory Server has an authentication bypass vulnerability.

A high-severity vulnerability in Palo Alto Networks firewalls could allow an unauthenticated attacker to cause a denial-of-service condition. The issue, CVE-2026-0288, affects PAN-OS and is rated with a medium risk score. Further details are scarce, but the advisory indicates it's a critical flaw requiring immediate attention. All other Palo Alto Networks vulnerabilities disclosed today (CVE-2026-0278, CVE-2026-0286, CVE-2026-0284, CVE-2026-0283, CVE-2026-0277, CVE-2026-0287, CVE-2026-0285, CVE-2026-0282, CVE-2026-0280, CVE-2026-0281, CVE-2026-0279, CVE-2026-0276) are rated low risk and appear to be less severe, though they warrant review by administrators.
An integer overflow vulnerability in the PBKDF2-SHA256 password verification function of 389 Directory Server (389-ds-base) could allow an attacker to bypass authentication. This flaw, CVE-2026-15041, has a low risk score but could have significant implications for systems relying on this directory service for authentication. A non-constant-time comparison is the root cause, potentially enabling attackers to guess passwords more effectively.
A heap-based buffer overflow vulnerability in VMware's NAT networking components could allow remote authenticated attackers to execute arbitrary code. This older vulnerability, CVE-2005-4459, affects multiple versions of VMware Workstation, GSX Server, ACE, and Player. While dated, its presence in the daily digest suggests potential relevance for legacy systems or environments that have not yet been patched.