{"id":241835,"date":"2026-05-06T15:50:00","date_gmt":"2026-05-06T19:50:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/06\/a-critical-palo-alto-pan-os-zero-day-is-being-exploited-in-the-wild\/"},"modified":"2026-05-08T14:15:13","modified_gmt":"2026-05-08T18:15:13","slug":"a-critical-palo-alto-pan-os-zero-day-is-being-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/06\/a-critical-palo-alto-pan-os-zero-day-is-being-exploited-in-the-wild\/","title":{"rendered":"A critical Palo Alto PAN-OS zero-day is being exploited in the wild"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited\/\">A critical Palo Alto PAN-OS zero-day is being exploited in the wild<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited\/\">https:\/\/cyberscoop.com\/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-06 15:50:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Attackers are actively exploiting a zero-day vulnerability affecting some Palo Alto Networks\u2019 customers\u2019 firewalls, the security vendor said in an advisory Tuesday.<\/p>\n<p>The critical memory corruption vulnerability \u2014 CVE-2026-0300 \u2014 affects the authentication portal of PAN-OS, and allows unauthenticated attackers to run\u00a0 code with root privileges on the vendor\u2019s PA-Series and VM-Series firewalls, the company said.<\/p>\n<p>Palo Alto Networks did not say when or how it became aware of active exploitation, nor when the earliest known exploitation occurred. The Cybersecurity and Infrastructure Security Agency added the defect to its known exploited vulnerabilities catalog Wednesday.<\/p>\n<p>The company hasn\u2019t released a patch for the vulnerability or described the scope and objective of confirmed attacks.<\/p>\n<p>\u201cThis vulnerability is specific to a limited number of customers with their User-ID Authentication Portal (Captive Portal) exposed to the public internet or untrusted IP addresses. We have observed limited exploitation of this issue and are working to release software fixes, with the first updates expected to be available on May 13,\u201d a Palo Alto Networks spokesperson told CyberScoop.<\/p>\n<p>The company said firewalls exposed to the buffer-overflow vulnerability, which has a CVSS rating of 9.3, are broadly exposed in real-world deployments, and it described the attack complexity as low.<\/p>\n<p>Shadowserver scans found more than 5,800 publicly exposed VM-Series firewalls running PAN-OS as of Tuesday, yet it\u2019s unknown how many of those instances have restricted authentication access to trusted internal IP addresses or disabled the feature altogether.<\/p>\n<p>\u201cWe have provided clear mitigation guidance to our customers to secure their environments immediately. This issue does not impact Cloud NGFW or Panorama appliances. We remain committed to a transparent, security-first approach to protect our global customer base,\u201d Palo Alto Networks\u2019 spokesperson&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical Palo Alto PAN-OS zero-day is being exploited in the wild https:\/\/cyberscoop.com\/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241836,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2024\/11\/GettyImages-1303238193.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-241835","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241835"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241835"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241835\/revisions"}],"predecessor-version":[{"id":241837,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241835\/revisions\/241837"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241836"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}