VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

PAN-OS CVE-2026-0300: RCE in User‑ID Portal grants root

PAN-OS CVE-2026-0300: RCE в User‑ID Portal даёт root

Colleagues, a cybersecurity alert: active exploitation of CVE-2026-0300 in PAN-OS.

Synopsis: a buffer overflow in the User‑ID Authentication Portal allows unauthenticated attackers to execute code as root; scanning began on 9 April, followed by confirmed compromises.

Adversary activity: injected shellcode into nginx, log/dump wiping, AD enumeration, deployment of EarthWorm and ReverseSocks5 (CL-STA-1132).

Recommendations: patches expected from 13 May — restrict User‑ID Portal access to trusted zones or disable the service.

Why it matters: full device takeover enables espionage risks.

What perimeter hardening steps will you take?

#cybersecurity #vulnerabilities #PaloAlto #RCE

Latest comments

No comments yet.