Skip to content
Cyvex Security

Palo Alto warns of critical software bug used in firewall attacks

A patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.

Updated 5/8 with additional information from Palo Alto Networks.

Hackers are exploiting a new vulnerability in software from Palo Alto Networks, the company said in an advisory on Wednesday. 

The bug is tracked as CVE-2026-0300 and carries a severity score of 9.3 out of 10, indicating a critical issue. A patch has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.

Source: https://therecord.media/palo-alto-warns-of-critical-software-bug-firewalls

Related breach coverage

  • Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
    2026-05-06

    CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek.

  • U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog
    2026-05-07

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-2026-0300 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a buffer […]

  • Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
    2026-05-04

    Significant cybersecurity M&A deals announced by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket. The post Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 appeared first on SecurityWeek.

  • MOVEit automation flaws could enable full system compromise
    2026-05-04

    Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access […]