Palo Alto Networks PAN-OS flaw exploited for remote code execution

Security Affairs
Actively Exploited

Overview

Palo Alto Networks has issued a warning about a critical vulnerability in PAN-OS, identified as CVE-2026-0300, with a CVSS score of 9.3. The flaw is a buffer overflow that allows attackers to execute code remotely without authentication. The company reports that the vulnerability is currently being exploited in the wild. Organizations that rely on PAN-OS should prioritize addressing it to prevent unauthorized access and potential system compromise.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Various models and deployments of Palo Alto Networks security appliances and software that run PAN-OS.
  • Action Required: Palo Alto Networks recommends that users update their PAN-OS to the latest version provided by the vendor, which includes patches addressing this vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild. The flaw is a buffer overflow that allows unauthenticated remote code execution, […]

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Remediation

Palo Alto Networks recommends that users update their PAN-OS to the latest version provided by the vendor, which includes patches addressing this vulnerability. Specific patch numbers or versions were not disclosed in the article, but users should check their systems and apply updates as soon as possible.

Related Coverage

Palo Alto Networks launches AI safety toolkit for schools

SCM feed for Latest

Palo Alto Networks has launched a free digital literacy toolkit in collaboration with Cyberlite to help educators teach students about AI-driven threats. This initiative aims to combat the rising use of artificial intelligence by cybercriminals, emphasizing the importance of digital literacy in recognizing and resisting such threats.

Dec 3, 2025

WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation

SecurityWeek

Palo Alto Networks has identified new malicious language models, WormGPT 4 and KawaiiGPT, that are being utilized by cybercriminals to enhance their phishing, malware development, and reconnaissance efforts. The rise of these dark LLMs represents a significant threat to cybersecurity, automating and streamlining various cybercrime activities.

Nov 25, 2025

Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications

All CISA Advisories

CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.

Nov 24, 2025

In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring

SecurityWeek

The article highlights several significant cybersecurity incidents, including a data breach affecting 120,000 individuals and a surge in scanning activities by Palo Alto Networks. Additionally, it mentions ongoing legal battles involving WhatsApp and NSO, as well as the emergence of AI-related security threats such as second-order prompt injection attacks.

Nov 21, 2025

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Security Affairs

A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. The attack is significant due to its scale, involving over 7,000 IP addresses linked to a German hosting provider, indicating a coordinated effort that poses a serious threat to the security of affected systems.

Dec 6, 2025

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

The Hacker News

The React2Shell vulnerability is currently being exploited by cybercriminals to install malware on Linux systems. Researchers from Palo Alto Networks and NTT Security have identified that this vulnerability facilitates the deployment of malicious tools like KSwapDoor and ZnDoor. KSwapDoor is particularly concerning as it is a sophisticated remote access tool designed to operate stealthily, allowing attackers to maintain control over compromised systems without detection. This ongoing threat affects organizations running vulnerable Linux environments, making it crucial for them to take immediate action to secure their systems. Users need to be aware of the risks and ensure their defenses are updated to mitigate potential attacks.

Dec 16, 2025