Cybersecurity researchers have warned about a critical security flaw affecting Palo Alto Networks’ PAN-OS software. The vulnerability, tracked as CVE-2026-0300, is reportedly being actively exploited in real-world attacks. Security experts say the flaw can allow remote code execution on vulnerable systems. The issue mainly affects internet-exposed PAN-OS User-ID Authentication Portal services.

Researchers explained that the vulnerability carries a CVSS score of 9.3, which places it in the critical range. Attackers can reportedly exploit the flaw remotely without requiring authentication or user interaction. The issue is classified as CWE-787, an out-of-bounds write. Experts warn that this type of flaw can lead to complete system compromise.
Reports suggest that the attacks are mainly targeting systems where the User-ID Authentication Portal is publicly accessible. Security researchers say organizations exposing these services to the internet face the highest level of risk. Since exploitation attempts are already happening, experts are urging administrators to patch affected systems immediately. The vulnerability has raised serious concerns across enterprise security environments.
Palo Alto Networks confirmed that several PAN-OS versions are affected by the vulnerability. The affected branches are PAN-OS 10.2, 11.1, 11.2, and 12.1 on older, unpatched releases. The company has already released patched versions and security updates to fix the issue. Researchers strongly recommend upgrading systems to the latest versions as soon as possible.
Security experts also shared temporary mitigation measures for organizations unable to immediately apply patches. Administrators are advised to restrict access to the User-ID Authentication Portal and only allow trusted internal IP addresses. Researchers also recommend disabling the portal completely if it is not required. Preventing public internet exposure can significantly reduce the risk of attacks.
Researchers explained that remote code execution vulnerabilities are among the most dangerous cybersecurity threats. These flaws allow attackers to execute malicious commands directly on targeted systems from remote locations. In this case, attackers may gain full administrative control over vulnerable firewalls and security appliances. Once compromised, these devices could be used for data theft or further network attacks.
Cybersecurity professionals have also warned that internet-facing infrastructure devices remain major targets for attackers worldwide. Security reports show that firewalls, VPN gateways, and remote access systems are increasingly targeted in automated attacks. Attackers often focus on these systems because they provide direct access into enterprise environments. Experts say edge infrastructure vulnerabilities should always be treated as high-priority risks.
Researchers recommend that organizations immediately review their PAN-OS deployments for vulnerable services. Security teams are also advised to monitor logs for suspicious activity and unauthorized access attempts. Applying patches, limiting internet exposure, and following strong access control policies are considered essential protective measures. Experts warn that rapid action is important because attackers are already exploiting the flaw in the wild.
Stay alert, and keep your security measures updated!


