PAN-OS CVE-2026-0300: RCE in User‑ID Portal grants root

Colleagues, a cybersecurity alert: active exploitation of CVE-2026-0300 in PAN-OS.
Synopsis: a buffer overflow in the User‑ID Authentication Portal allows unauthenticated attackers to execute code as root; scanning began on 9 April, followed by confirmed compromises.
Adversary activity: shellcode injected into nginx, wiping of logs and dumps, AD enumeration, deployment of EarthWorm and ReverseSocks5 (CL-STA-1132).
Recommendations: patches are expected from 13 May; until then, restrict User‑ID Portal access to trusted zones or disable the service.
Why it matters: full takeover of the device creates espionage risk.
What perimeter hardening steps will you take?
#cybersecurity #vulnerabilities #PaloAlto #RCE

