Signal

Critical Palo Alto Networks firewall vulnerability exploited for weeks with patch pending

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-07 19:02 UTCUpdated 2026-05-08 01:19 UTC

rss

cveexploitssecurity_toolingincident_response

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Palo Alto Networks firewall flaw has been exploited for several weeks

CSO Online · News · csoonline.com · 2026-05-08 01:19 UTC

Palo Alto Networks says patch for exploited PAN-OS firewall bug forthcoming

SC Media · News · scworld.com · 2026-05-07 19:02 UTC

limited source diversity in top sources

View all evidence

Overview

A critical zero-day vulnerability (CVE-2026-0300) in Palo Alto Networks' PAN-OS firewall has been actively exploited by suspected state-sponsored hackers for nearly a month. The flaw affects the User-ID Authentication Portal, allowing attackers to execute code with root privileges without logging in.

Entities

Palo Alto Networks

Score total

0.87

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Exploitation has been ongoing for nearly a month, indicating active threat actor interest.
Palo Alto Networks is expected to release patches starting May 13, making immediate mitigation critical.
The exposed firewalls are primarily located in high-risk regions such as Asia and North America.

Why it matters

The vulnerability allows root-level code execution without authentication, posing a severe risk to affected firewalls.
Thousands of PAN-OS VM firewalls are exposed online, increasing potential attack surface globally.
Patch deployment is pending, requiring interim mitigations to protect networks.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

A critical zero-day vulnerability in Palo Alto Networks PAN-OS firewalls has been exploited for nearly a month by suspected state-sponsored hackers.

How sources frame it

CSO Online: neutral

All evidence

Palo Alto Networks firewall flaw has been exploited for several weeks

CSO Online · csoonline.com · 2026-05-08 01:19 UTC

Palo Alto Networks says patch for exploited PAN-OS firewall bug forthcoming

SC Media · scworld.com · 2026-05-07 19:02 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

CSO Online (1)
SC Media (1)

Top origin domains (this list)

csoonline.com (1)
scworld.com (1)