Signal

Critical unauthenticated buffer overflow vulnerability exploited in Palo Alto Networks PAN-OS firewalls

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-06 00:11 UTCUpdated 2026-05-06 13:31 UTC

rss

cveexploitssecurity_advisoryincident_response

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (7)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Palo Alto Networks security advisory (AV26-425)

Canadian Centre for Cyber Security - Alerts · News · cyber.gc.ca · 2026-05-06 13:31 UTC

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Rapid7 Blog · News · rapid7.com · 2026-05-06 13:27 UTC

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

Help Net Security · News · helpnetsecurity.com · 2026-05-06 09:51 UTC

2026-006: Critical Vulnerability in PAN-OS

CERT-EU Security Advisories · cert.europa.eu · 2026-05-06 08:48 UTC

View all evidence

Overview

A critical buffer overflow vulnerability (CVE-2026-0300) affecting the User-ID Authentication Portal in Palo Alto Networks PAN-OS software is being actively exploited in the wild.

Entities

Palo Alto NetworksPAN-OSUser-ID Authentication Portal

Score total

1.98

Momentum 24h

7

Posts

7

Origins

7

Source types

1

Duplicate ratio

0%

Why now

Exploitation has been confirmed in the wild, targeting exposed Authentication Portals.
Patches are not yet available but expected starting May 13, 2026, requiring interim mitigations.
The vulnerability affects multiple PAN-OS versions and firewall models, broadening the impact scope.

Why it matters

The vulnerability allows unauthenticated remote attackers to execute code with root privileges, risking full firewall compromise.
Palo Alto Networks firewalls are widely deployed in enterprise networks, making this a significant security risk.
Active exploitation in the wild increases urgency for patching and mitigation to prevent breaches.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

CVE-2026-0300 is a critical unauthenticated buffer overflow vulnerability in Palo Alto PAN-OS User-ID Authentication Portal allowing remote root code execution.

How sources frame it

Rapid7: neutral
Canadian Centre For Cyber Security: neutral
CERT-EU: neutral

All evidence

All evidence

Palo Alto Networks security advisory (AV26-425)

Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-05-06 13:31 UTC

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Rapid7 Blog · rapid7.com · 2026-05-06 13:27 UTC

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

Help Net Security · helpnetsecurity.com · 2026-05-06 09:51 UTC

2026-006: Critical Vulnerability in PAN-OS

CERT-EU Security Advisories · cert.europa.eu · 2026-05-06 08:48 UTC

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

thehackernews · thehackernews.com · 2026-05-06 06:14 UTC

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

SecurityWeek · securityweek.com · 2026-05-06 04:46 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 6 / 0

Top publishers (this list)

Canadian Centre for Cyber Security - Alerts (1)
Rapid7 Blog (1)
Help Net Security (1)
CERT-EU Security Advisories (1)
thehackernews (1)
SecurityWeek (1)

Top origin domains (this list)

cyber.gc.ca (1)
rapid7.com (1)
helpnetsecurity.com (1)
cert.europa.eu (1)
thehackernews.com (1)
securityweek.com (1)