thehackernews.com 5/14/2026, 5:32:08 PM · via preferred

Palo Alto fixes critical PAN OS bug after EarthWorm exploits

Developing story vulnerability 12 articles tracked
Palo Alto PAN-OS Captive Portal zero‑day (CVE-2026-0300) exploited in the wild
CyberSIXT Evidence Panel
Primary Source daniel.haxx.se
CISA KEV Listed in KEV
Patch Patch Available

PALO Alto Networks has released the first round of fixes for CVE-2026-0300, a critical buffer overflow in the PAN-OS User-ID Authentication Portal that could let an unauthenticated attacker run arbitrary code with root privileges by sending specially crafted packets. The company says the flaw has been exploited in limited attacks since at least last month, with threat actors dropping payloads such as EarthWorm and ReverseSocks5.

In related security coverage, Anthropic Mythos examined a cURL model and identified a single confirmed vulnerability among five findings, described as low severity, with details to be published in sync with curl’s next release, 8.21.0, in late June. The discussion emphasises that the remaining findings flagged by Mythos were false positives.

Overall, the bulletin underscores ongoing risk from high-severity bugs in widely used infrastructure and the need for prompt patching and verification of purported security signals.

View Primary Source Via thehackernews.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline