Signal
Critical Palo Alto PAN-OS vulnerability exploited in the wild with no patch yet available
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-05-06 06:14 UTCUpdated 2026-05-07 01:13 UTC
rss
cveexploitssecurity_advisoryincident_response
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
A critical unauthenticated buffer overflow vulnerability (CVE-2026-0300) in the PAN-OS User-ID Authentication Portal is actively exploited in the wild.
Entities
Palo Alto NetworksPAN-OS User-ID Authentication Portal
Score total
2.18
Momentum 24h
12
Posts
12
Origins
12
Source types
1
Duplicate ratio
0%
Why now
- Exploitation is confirmed and ongoing, with no patch currently available, leaving a critical exposure window.
- Palo Alto Networks plans to release patches starting May 13, 2026, with staggered rollouts through late May.
- Security agencies including CISA have added this vulnerability to their known exploited catalogs, highlighting its severity and active threat.
Why it matters
- The vulnerability enables unauthenticated remote code execution with root privileges, risking full firewall compromise.
- Active exploitation in the wild increases urgency for affected organizations to mitigate exposure immediately.
- Palo Alto Networks firewalls are widely deployed, so this flaw poses a significant risk to enterprise network security.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- CVE-2026-0300 is a critical unauthenticated buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal allowing remote code execution with root privileges.
- The vulnerability is actively exploited in the wild, targeting firewalls exposed to untrusted or public networks, with no patch currently available.
- Palo Alto Networks plans to release patches starting May 13, 2026, with additional releases through May 28, 2026.
How sources frame it
- Rapid7 Blog: neutral
Compiled from multiple security advisories and reports on CVE-2026-0300 active exploitation and patch timeline.
All evidence
All evidence
UPDATE ALERT Palo Alto PAN-OS: CVSS (Max): 9.3
AusCERT - Bulletins · portal.auscert.org.au · 2026-05-07 01:13 UTC
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Palo Alto Networks Unit 42 · unit42.paloaltonetworks.com · 2026-05-07 00:00 UTC
Palo Alto Networks warns of critical PAN-OS vulnerability exploited in the wild
SC Media · scworld.com · 2026-05-06 23:22 UTC
A Vulnerability in PAN-OS Could Allow for Remote Code Execution
CIS Security Advisories · cisecurity.org · 2026-05-06 22:07 UTC
Palo Alto warns of critical software bug used in firewall attacks
The Record (Recorded Future News) · therecord.media · 2026-05-06 20:33 UTC
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
CyberScoop · cyberscoop.com · 2026-05-06 19:48 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -
Showing 6 / 0
Top publishers (this list)
- AusCERT - Bulletins (1)
- Palo Alto Networks Unit 42 (1)
- SC Media (1)
- CIS Security Advisories (1)
- The Record (Recorded Future News) (1)
- CyberScoop (1)
Top origin domains (this list)
- portal.auscert.org.au (1)
- unit42.paloaltonetworks.com (1)
- scworld.com (1)
- cisecurity.org (1)
- therecord.media (1)
- cyberscoop.com (1)