PAN-OS
Coverage of PAN-OS in the Nexus archive.
- Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has observed active exploitation of a PAN-OS vulnerability (CVE-2026-0257) in GlobalProtect portals, allowing unauthorized access via an authentication bypass flaw. The vulnerability affects portal and gateway components of PAN-OS software with a CVSS score of 7.8.
- Palo Alto VPN bug graduates from advisory to active exploitation
Palo Alto Networks disclosed a critical security flaw, CVE-2026-0257, in PAN-OS GlobalProtect that allows attackers to bypass authentication and gain unauthorized VPN access. Researchers at Rapid7 confirmed active exploitation since May 17, prompting Palo Alto to elevate the severity rating and CISA to add it to its exploited vulnerabilities catalog with a June 1 patch deadline.
- Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks warns that hackers are exploiting a PAN-OS GlobalProtect authentication bypass flaw (CVE-2026-0257) in attacks targeting corporate networks. The vulnerability allows unauthorized access to systems using the GlobalProtect VPN solution.
- PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a medium-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access is being actively exploited. The flaw allows attackers to establish unauthorized VPN connections.
- ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
The cybersecurity world is facing numerous threats, including PAN-OS RCE and Mythos cURL Bug, with users being tricked and systems being compromised. The situation feels like a mix of new and old problems that should have been fixed years ago. Supply chain attacks are being turned into a game for clout and cash.
- State-backed hackers hammer Palo Alto firewall zero-day before patch lands
State-backed hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2026-0300, to gain root access without login required. The flaw affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Attacks are already underway, tied to a cluster of likely state-sponsored threat activity tracked as CL-STA-1132.
- PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Palo Alto Networks disclosed a critical security flaw in their PAN-OS software, which could allow an unauthenticated attacker to exploit a buffer overflow vulnerability. The vulnerability, CVE-2026-0300, has a CVSS score of 9.3/8.7 and may have been attempted to be exploited as early as April 9, 2026. Threat actors may use this flaw for root access and espionage.
- Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers of a critical-severity PAN-OS firewall zero-day vulnerability being exploited by suspected state-sponsored hackers for nearly a month. The exploit affects Palo Alto Networks firewalls and has been ongoing. Customers are advised to take immediate action.
- A critical Palo Alto PAN-OS zero-day is being exploited in the wild
A critical zero-day vulnerability is being exploited in Palo Alto Networks' firewalls, allowing unauthenticated attackers to run code with root privileges. The company has not released a patch but has provided mitigation guidance to customers. Exploitation is expected to increase as more researchers and attackers become aware of the vulnerability.
- Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks has warned customers of a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal being exploited in attacks. The vulnerability is a zero-day exploit in the firewall. Customers are advised to take immediate action to protect themselves.
- Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto Networks' PAN-OS software has a critical buffer overflow vulnerability that allows unauthenticated remote code execution, tracked as CVE-2026-0300, with a CVSS score of 9.3. The flaw is under active exploitation and enables access from the internet if the User-ID Authentication Portal is configured accordingly. This poses a significant security risk to affected systems.