{"id":244267,"date":"2026-05-06T04:59:00","date_gmt":"2026-05-06T08:59:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/06\/palo-alto-networks-pan-os-flaw-exploited-for-remote-code-execution\/"},"modified":"2026-05-12T07:15:13","modified_gmt":"2026-05-12T11:15:13","slug":"palo-alto-networks-pan-os-flaw-exploited-for-remote-code-execution","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/06\/palo-alto-networks-pan-os-flaw-exploited-for-remote-code-execution\/","title":{"rendered":"Palo Alto Networks PAN-OS flaw exploited for remote code execution"},"content":{"rendered":"

Palo Alto Networks PAN-OS flaw exploited for remote code execution<\/a><\/p>\n

https:\/\/securityaffairs.com\/191748\/security\/palo-alto-networks-pan-os-flaw-exploited-for-remote-code-execution.html<\/a><\/p>\n

Publish Date: 2026-05-06 04:59:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Palo Alto Networks PAN-OS flaw exploited for remote code execution<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 06, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution.<\/h2>\n

Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild. The flaw is a buffer overflow that allows unauthenticated remote code execution, especially when the User-ID portal is exposed to the internet. <\/p>\n

\u201cA buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.\u201d reads the advisory published by Palo Alto Networks. \u201cThe risk of this issue is greatly reduced if you secure access to the User-ID\u2122 Authentication Portal per the\u00a0best practice guidelines\u00a0by restricting access to only trusted internal IP addresses.\u201d<\/p>\n

Below is the list of impacted products:<\/p>\n\n\n\n\n\n\n\n\n
Versions<\/th>\nAffected<\/th>\nUnaffected<\/th>\n<\/tr>\n
Cloud NGFW<\/td>\nNone<\/td>\nAll<\/td>\n<\/tr>\n
PAN-OS 12.1<\/td>\n\n= 12.1.4-h5 (ETA: 05\/13)
= 12.1.7 (ETA: 05\/28)<\/td>\n<\/tr>\n
PAN-OS 11.2<\/td>\n\n= 11.2.4-h17 (ETA: 05\/28)
= 11.2.7-h13 (ETA: 05\/13)
= 11.2.10-h6 (ETA: 05\/13)
= 11.2.12 (ETA: 05\/28)<\/td>\n<\/tr>\n
PAN-OS 11.1<\/td>\n\n= 11.1.4-h33 (ETA: 05\/13)
= 11.1.6-h32 (ETA: 05\/13)
= 11.1.7-h6 (ETA: 05\/28)
= 11.1.10-h25 (ETA: 05\/13)
= 11.1.13-h5 (ETA: 05\/13)
= 11.1.15 (ETA: 05\/28)<\/td>\n<\/tr>\n
PAN-OS 10.2<\/td>\n\n= 10.2.7-h34 (ETA: 05\/28)
= 10.2.10-h36 (ETA: 05\/13)
= 10.2.13-h21 (ETA: 05\/28)
= 10.2.16-h7 (ETA: 05\/28)
= 10.2.18-h6 (ETA: 05\/13)<\/td>\n<\/tr>\n
Prisma Access<\/td>\nNone<\/td>\nAll<\/td>\n<\/tr>\n<\/table>\n

The cybersecurity vendor states that the issue doesn\u2019t impact Prisma Access, Cloud NGFW and Panorama appliances.<\/p>\n

Palo Alto Networks says the flaw is being exploited in a limited way, mainly against systems where the User-ID Authentication Portal…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Palo Alto Networks PAN-OS flaw exploited for remote code execution https:\/\/securityaffairs.com\/191748\/security\/palo-alto-networks-pan-os-flaw-exploited-for-remote-code-execution.html Publish Date: 2026-05-06 04:59:00…<\/p>\n","protected":false},"author":1,"featured_media":244268,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/05\/Palo-Alto-Networks.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-244267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244267"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=244267"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244267\/revisions"}],"predecessor-version":[{"id":244269,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244267\/revisions\/244269"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/244268"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=244267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=244267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=244267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}