VYPR
kev · Published May 6, 2026 · Updated May 17, 2026 · 2 sources

Critical Palo Alto Networks Firewall Vulnerability Under Active State-Sponsored Exploitation

A critical out-of-bounds write vulnerability in Palo Alto Networks' PAN-OS is being actively exploited by a state-sponsored group, prompting an urgent directive from CISA.

Palo Alto Networks has issued an urgent advisory regarding a critical vulnerability, tracked as CVE-2026-0300, which is currently being actively exploited by a state-sponsored threat actor. The flaw, which carries a high severity score of 9.3 out of 10, affects the PAN-OS software running on the company's PA-Series and VM-Series firewalls (The Record).

The vulnerability is classified as an out-of-bounds write issue (CISA). According to Palo Alto Networks, the exploitation is specifically targeting authentication portals that are exposed to the public internet or untrusted IP addresses. By leveraging this flaw, attackers have been able to gain unauthorized access and move laterally through victim networks over a period of several weeks (The Record).

The threat actors behind this campaign have demonstrated significant operational restraint, opting to use open-source tools rather than traditional malware to avoid detection. By utilizing stolen credentials and maintaining non-persistent access windows, the attackers have successfully operated below the behavioral thresholds of most automated security alerting systems (The Record).

In response to the active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-0300 to its Known Exploited Vulnerabilities (KEV) Catalog (CISA). Under Binding Operational Directive (BOD) 22-01, all U.S. Federal Civilian Executive Branch (FCEB) agencies are required to apply the company's recommended mitigations by Saturday (The Record, CISA).

While a permanent patch is not yet available, Palo Alto Networks has indicated that fixes will be rolled out across affected versions over the next two weeks, with some expected as early as May 13 (The Record). In the interim, the company advises that customers who restrict access to sensitive portals to trusted internal networks are at a significantly reduced risk of compromise (The Record).

This incident highlights the ongoing trend of nation-state actors targeting edge infrastructure, such as firewalls, to maintain long-term, stealthy access to high-value networks. Given the widespread use of PAN-OS in Fortune 500 environments, vulnerabilities in these products remain a primary target for sophisticated adversaries. Organizations are encouraged to monitor for further updates from Palo Alto Networks and prioritize the implementation of recommended security configurations until patches are deployed (The Record).

Synthesized by Vypr AI