VYPR
kev · May 6, 2026 · 2 sources

Palo Alto Networks PAN-OS Vulnerability Added to CISA KEV Catalog

Palo Alto Networks is working on a patch for a critical out-of-bounds write vulnerability in PAN-OS that is currently being exploited in the wild and has been added to CISA's KEV catalog.

Palo Alto Networks has acknowledged a critical out-of-bounds write vulnerability in its PAN-OS software that is being actively exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been officially added to CISA's Known Exploited Vulnerabilities (KEV) Catalog, mandating remediation for Federal Civilian Executive Branch agencies [CISA].

The flaw affects Palo Alto Networks' firewall appliances running PAN-OS. Successful exploitation allows an attacker to trigger an out-of-bounds write condition, which can lead to unauthorized access or system instability. The severity of the risk has prompted immediate attention from security authorities, since such vulnerabilities are a frequent attack vector for malicious actors.

Palo Alto Networks has not yet released a patch for the vulnerability but has stated that fixes will be included in upcoming software releases over the next two weeks [The Record]. Organizations are advised to monitor the vendor's security advisories closely for the release of these patches and to implement any interim mitigations provided by the company.

Synthesized by Vypr AI