Palo Alto Networks to Patch Exploited PAN-OS Zero-Day (CVE-2026-0300) Starting May 13
- Critical vulnerability: Palo Alto Networks is patching CVE-2026-0300, a zero-day exploited to hack specific firewall models.
- Unauthenticated execution: The buffer overflow allows an unauthenticated attacker to execute malicious code with root privileges via specially crafted packets.
- Patch schedule: The vendor aims to release the first round of patches on May 13 and the second on May 28.
Palo Alto Networks is actively working on security patches for a critical PAN-OS zero-day vulnerability. Tracked as CVE-2026-0300, the flaw is described as a buffer overflow in the User-ID Authentication Portal, also known as the Captive Portal service. It specifically affects PA-Series and VM-Series firewalls.
Active Exploitation of CVE-2026-0300
By leveraging this User-ID Captive Portal buffer overflow vulnerability, an unauthenticated attacker can execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by transmitting specially crafted packets, the Palo Alto advisory said.
The company has observed limited exploitation in the wild. These ongoing attacks specifically target User-ID Authentication Portals that remain exposed to untrusted IP addresses and/or the public internet.
Palo Alto Networks aims to deliver the first round of official patches on May 13, with a second round scheduled for May 28. The company has confirmed that Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this zero-day exploit.
CVE-2026-0300 Mitigation
Until the patches are available, system administrators can apply strict mitigations. Limiting portal access exclusively to trusted internal IPs significantly reduces the risk of exploitation.
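One way to check that mitigation is to audit the source ranges allowed to reach the portal, shown here as an added example that is not from Palo Alto Networks or the original article. The rule format, rule names and the choice of RFC 1918 space as "trusted" are assumptions; the script does not read PAN-OS configuration directly.

```python
import ipaddress

# Assumption: "trusted internal" means RFC 1918 space; replace with your own ranges.
TRUSTED = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: rules that allow traffic to the portal, in a simplified,
# hypothetical export format (not PAN-OS syntax).
SAMPLE_RULES = [
    {"name": "corp-lan-to-portal", "sources": ["10.20.0.0/16"]},
    {"name": "guest-wifi-to-portal", "sources": ["192.168.50.0/24", "203.0.113.0/24"]},
    {"name": "legacy-any", "sources": ["any"]},
    {"name": "wide-supernet", "sources": ["10.0.0.0/7"]},
]

def untrusted_sources(sources, trusted=TRUSTED):
    """Return the source entries that are not fully inside a trusted network."""
    flagged = []
    for src in sources:
        if src.lower() == "any":
            flagged.append(src)  # "any" always includes untrusted space
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            flagged.append(src)  # unparseable entries are treated as untrusted
            continue
        # A range is acceptable only if it is a subnet of some trusted network;
        # a supernet such as 10.0.0.0/7 leaks outside 10.0.0.0/8 and is flagged.
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            flagged.append(src)
    return flagged

def audit(rules, trusted=TRUSTED):
    """Map each rule name to the sources that expose the portal beyond trusted ranges."""
    findings = {}
    for rule in rules:
        bad = untrusted_sources(rule["sources"], trusted)
        if bad:
            findings[rule["name"]] = bad
    return findings

if __name__ == "__main__":
    for name, bad in audit(SAMPLE_RULES).items():
        print(f"{name}: portal reachable from untrusted source(s): {', '.join(bad)}")
```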
At present, the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog includes 13 Palo Alto product vulnerabilities. However, CVE-2026-0300 has not yet been included in the KEV database.