Palo Alto warns of critical software bug used in firewall attacks
Hackers are exploiting a new vulnerability in software from Palo Alto Networks, the company said in an advisory on Wednesday.
The bug is tracked as CVE-2026-0300 and carries a severity score of 9.3 out of 10, indicating a critical issue. A patch has not been published yet, and Palo Alto Networks said the fix will be included in releases over the next two weeks.
The vulnerability affects the PAN-OS software and the PA-Series and VM-Series firewalls that have certain settings configured. PAN-OS is a popular firewall operating system used by many Fortune 500 companies.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Wednesday that the vulnerability is being exploited and ordered all U.S. agencies to apply Palo Alto Networks’ mitigations by Saturday. Incident response firm Rapid7 said a patch is likely to be released for many versions by May 13.
Cybersecurity experts began warning of CVE-2026-0300 on Tuesday evening, with several companies reporting exploitation following the release of exploit code.
Palo Alto Networks said the exploitation was focused on authentication portals that are exposed to untrusted IP addresses or the public internet.
“Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk,” the company said.
Due to the popularity of Palo Alto Networks firewalls, vulnerabilities in the company’s products have become prized tools for cybercriminals and nation-state attackers.
Multiple bugs in 2024 affecting lines of Palo Alto Networks firewalls were exploited by cybercriminals and nation-state actors. In 2022, a vulnerability in Palo Alto's firewall product was used in a distributed denial-of-service (DDoS) attack.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.



