CVE-2026-0300
Coverage of CVE-2026-0300 in the Nexus archive.
- Palo Alto VPN bug graduates from advisory to active exploitation
Palo Alto Networks disclosed a critical security flaw, CVE-2026-0257, in PAN-OS GlobalProtect that allows attackers to bypass authentication and gain unauthorized VPN access. Researchers at Rapid7 confirmed active exploitation since May 17, prompting Palo Alto to elevate the severity rating and CISA to add it to its exploited vulnerabilities catalog with a June 1 patch deadline.
- State-backed hackers hammer Palo Alto firewall zero-day before patch lands
State-backed hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2026-0300, to gain root access without login required. The flaw affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Attacks are already underway, tied to a cluster of likely state-sponsored threat activity tracked as CL-STA-1132.
- PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Palo Alto Networks disclosed a critical security flaw in their PAN-OS software, which could allow an unauthenticated attacker to exploit a buffer overflow vulnerability. The vulnerability, CVE-2026-0300, has a CVSS score of 9.3/8.7 and may have been attempted to be exploited as early as April 9, 2026. Threat actors may use this flaw for root access and espionage.
- Palo Alto warns of critical software bug used in firewall attacks
Palo Alto Networks has identified a critical software bug used in firewall attacks, tracked as CVE-2026-0300. A patch for the bug is not yet available but will be included in releases over the next two weeks. The vulnerability poses a significant risk to users until the patch is published.
- Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto Networks' PAN-OS software has a critical buffer overflow vulnerability that allows unauthenticated remote code execution, tracked as CVE-2026-0300, with a CVSS score of 9.3. The flaw is under active exploitation and enables access from the internet if the User-ID Authentication Portal is configured accordingly. This poses a significant security risk to affected systems.