Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

bleepingcomputer.com·May 6, 2026

Palo Alto Networks has issued a warning about a critical unpatched vulnerability (CVE-2026-0300) in its PAN-OS User-ID Authentication Portal, which is currently being exploited by attackers to execute arbitrary code on exposed firewalls. The company advises customers to restrict access to this feature or disable it until a patch is released, expected on May 13, 2026.

Palo Alto Networks has identified a critical zero-day vulnerability (CVE-2026-0300) in its PAN-OS User-ID Authentication Portal, which is being actively exploited and allows unauthenticated attackers to execute code with root privileges. Until a patch is available, it is crucial for security teams to mitigate this risk by restricting access to the User-ID Authentication Portal to trusted networks only or disabling it if necessary. This proactive measure can significantly reduce exposure to this high-severity threat.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

Want more content like this?

More from Cybersecurity News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Linux bitten by second severe vulnerability in as many weeks

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor