A critical buffer overflow vulnerability (CVE-2026-0300, CVSS 9.8) in Palo Alto Networks PAN-OS allows unauthenticated remote code execution via specially crafted packets sent to internet-facing User-ID Authentication Portals. The flaw affects PAN-OS versions 10.2.0 through 10.2.4. The article indicates active exploitation by likely state-sponsored actors, but does not provide a fixed version or specific workaround details.
Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software, and can be exploited by unauthenticated attackers sending specially crafted packets to internet-facing User-ID Authentication Portals. The flaw affects Palo Alto Networks’ PA-Series and VM-Series firewalls, and the … More → The post State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls appeared first on Help Net Security .