Palo Alto Networks has confirmed that a critical remote code execution (RCE) vulnerability, identified as CVE-2026-0300, affecting its firewalls is being actively exploited by attackers. The company urged customers to implement mitigations immediately while it continues to develop permanent fixes.
The vulnerability, which carries a CVSS score of 9.3, impacts PAN-OS versions prior to 10.2.12-h1, 11.0.6-h1, and 11.1.4-h1. It allows unauthenticated attackers to execute arbitrary code with root privileges on affected devices via specially crafted requests to the management interface.
Palo Alto Networks recommends restricting access to the management interface to trusted internal IP addresses and disabling the management interface from the internet if not required. The company is working on hotfixes and expects to release them by May 10, 2026.
Security researchers have observed active exploitation attempts in the wild, targeting organizations in the finance, healthcare, and government sectors. Customers are advised to check their device configurations and apply the recommended workarounds immediately.
