Signal

Critical Palo Alto PAN-OS zero-day exploited in the wild with no patch yet

Published 2026-05-06 17:22 UTC · Updated 2026-05-07 13:34 UTC
cve · exploits · malware · incident_response · security_policy
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
UPDATE ALERT Palo Alto PAN-OS: CVSS (Max): 9.3
AusCERT - Bulletins · News · portal.auscert.org.au · 2026-05-07 01:13 UTC
Overview

A critical zero-day vulnerability (CVE-2026-0300) in Palo Alto Networks' PAN-OS User-ID Authentication Portal has been actively exploited by attackers, including suspected state-sponsored groups, since at least April 9, 2026.

Entities
Palo Alto Networks · PAN-OS · User-ID Authentication Portal · Justin Moore
Score total: 1.93
Momentum 24h: 10
Posts: 10
Origins: 10
Source types: 1
Duplicate ratio: 0%
Why now
  • Exploitation has been ongoing since early April 2026, indicating attackers are actively targeting this flaw.
  • Palo Alto Networks plans to release patches imminently, making immediate mitigation critical.
  • The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, highlighting its severity and prevalence.
Why it matters
  • The vulnerability allows attackers to gain root access on critical network firewalls, risking full network compromise.
  • Active exploitation by sophisticated threat actors increases urgency for organizations to mitigate exposure.
  • No patch is currently available, so temporary mitigations are essential to protect affected systems.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • CVE-2026-0300 is a critical buffer overflow vulnerability in PAN-OS User-ID Authentication Portal allowing unauthenticated remote code execution with root privileges.
  • The vulnerability has been actively exploited in the wild since at least April 9, 2026, including by suspected state-sponsored actors.
  • No patch is currently available, but Palo Alto Networks plans to release fixes starting May 13, 2026, with mitigations advised in the meantime.
How sources frame it
  • Palo Alto Networks Spokesperson: neutral
  • Security Researchers: neutral
All evidence
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
thehackernews · thehackernews.com · 2026-05-07 13:34 UTC
Critical Palo Alto Networks software bug hits exposed firewalls
CSO Online · csoonline.com · 2026-05-07 11:13 UTC
Palo Alto Networks firewall zero-day exploited for nearly a month
bleepingcomputer_all · bleepingcomputer.com · 2026-05-07 10:57 UTC
UPDATE ALERT Palo Alto PAN-OS: CVSS (Max): 9.3
AusCERT - Bulletins · portal.auscert.org.au · 2026-05-07 01:13 UTC
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Palo Alto Networks Unit 42 · unit42.paloaltonetworks.com · 2026-05-07 00:00 UTC
Publishers: 6 · Origin domains: 6
Top publishers (this list)
  • thehackernews (1)
  • CSO Online (1)
  • bleepingcomputer_all (1)
  • AusCERT - Bulletins (1)
  • Palo Alto Networks Unit 42 (1)
  • SC Media (1)
Top origin domains (this list)
  • thehackernews.com (1)
  • csoonline.com (1)
  • bleepingcomputer.com (1)
  • portal.auscert.org.au (1)
  • unit42.paloaltonetworks.com (1)
  • scworld.com (1)