TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Help Net Security

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

Zeljka Zorz · 13 hours ago

ATT&CK techniques detected

3 predictions
T1190 Exploit Public-Facing Application
90%
“7, 11.2.4-h17, 11.2.12, 11.1.7-h6, 11.1.15, 10.2.7-h34, 10.2.13-h21, and 10.2.16-h7 (to be released around May 28) “Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability,” Palo Alto confirmed. Until the security updat…”
T1190 Exploit Public-Facing Application
78%
“Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300) Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300) A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively expl…”
T1588.006 Vulnerabilities
64%
“…matable, though it did not speculate on whether the current in-the-wild attacks are automated. They merely stated that “limited exploitation has been observed targeting Palo Alto Networks User-ID Authentication Portals that are exposed to untrusted IP addresses and/or …”

Summary

A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, and urged customers to implement mitigations as they are still working on fixes.

About CVE-2026-0300

CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software. The portal enables user identification for unknown traffic, i.e., situations where the firewall cannot automatically map an IP address …
