Palo Alto Networks has reported that a critical zero-day vulnerability (CVE-2026-0300) in its PAN-OS firewall has been exploited by suspected state-sponsored hackers for remote code execution since April 9, 2026. The company is working on patches, urging customers to secure their systems by restricting access to the affected User-ID Authentication Portal until updates are available.
The critical insight for you from this content is the ongoing exploitation of the PAN-OS firewall zero-day vulnerability (CVE-2026-0300) by likely state-sponsored threat actors. Until patches are released, it is crucial to mitigate risk by restricting access to the PAN-OS User-ID Authentication Portal to trusted zones or disabling it entirely. This highlights the importance of proactive vulnerability management and securing edge network devices, which are increasingly targeted by threat actors.