The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog, tracked as CVE-2026-0300 with a CVSS score of 9.3.
The issue is a buffer overflow that allows unauthenticated remote code execution, with exposure greatest when the User-ID portal is reachable from the internet; the advisory published by Palo Alto Networks describes it as enabling an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. This week Palo Alto Networks warned that the vulnerability is being exploited in the wild in a limited fashion, with the risk reduced for organisations that follow best practices.
The affected products include various releases of PAN-OS 12.1, 11.2, 11.1 and 10.2, while Prisma Access is unaffected. The issue remains unpatched, with fixes expected from 13 May 2026; CISA has ordered federal agencies to remediate by 9 May 2026. Under the binding directive and related guidance, agencies and organisations should review the KEV catalog and prioritise remediation accordingly, and private organisations are advised to assess their exposure and apply fixes as soon as they become available.