Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks has acknowledged that a critical RCE vulnerability (CVE-2026-0300) in its PAN-OS firewalls is being actively exploited, and is urging customers to apply mitigations while a fix is developed.
Palo Alto Networks has confirmed that a critical buffer overflow vulnerability, tracked as CVE-2026-0300, is being actively exploited in its PAN-OS firewalls. The vulnerability resides in the User-ID Authentication Portal (Captive Portal) service, which is used to identify users for unknown traffic.
Successful exploitation of this vulnerability allows an attacker to achieve root-level remote code execution (RCE) on the affected firewall. This level of access provides the attacker with complete control over the device, posing a severe risk to the security of the network it protects. Palo Alto Networks is currently working on a patch for the issue.
In the meantime, the company has urged customers to implement recommended mitigations immediately to protect their systems. Administrators should monitor the official Palo Alto Networks security advisory page for updates on the availability of a permanent fix. [Help Net Security]