Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw in Palo Alto Firewalls Could Let Hackers Take Control

09 May 2026

Reference: CVE-2026-0300

1. What is being reported?

There is a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software. This flaw lets attackers who are not logged in run any code they want with the highest system privileges on specific PA-Series and VM-Series firewalls by sending specially crafted network packets.

2. What this means in plain English

If exploited, this vulnerability could let a hacker fully control your firewall, potentially spying on your network or causing serious disruptions. This is very risky because the attacker does not need to be authenticated or have prior access.

3. Could this affect a small business?

Small organisations using affected Palo Alto PA-Series or VM-Series firewalls could be at risk, especially if the User-ID Authentication Portal is accessible from outside your trusted internal network.

4. What to do now

  • Check with your IT provider if your firewall is a PA-Series or VM-Series running PAN-OS with the User-ID Authentication Portal enabled.
  • Ensure access to the User-ID Authentication Portal is restricted to trusted internal IP addresses only.
  • Ask your IT provider about available software updates or patches to fix this vulnerability and apply them promptly.
  • Monitor firewall logs and network activity for any unusual behaviour that could indicate an attempted attack.

5. Ask your IT provider

Can you confirm if our Palo Alto firewall is affected by CVE-2026-0300 and what steps are being taken to secure or patch it?

6. Bottom line

If you use affected Palo Alto firewalls, act quickly to restrict access and apply fixes to prevent hackers from taking control.

Information based on CISA KEV, NVD, and reputable security news reports.

Back to Vulnerability Briefs