Palo Alto warns of critical software bug used in firewall attacks

Palo Alto Networks disclosed a critical PAN-OS vulnerability (CVE-2026-0300, CVSS 9.3) affecting PA-Series and VM-Series firewalls; CISA confirmed active exploitation and exploit code has been circulated. The issue targets exposed authentication portals, Palo Alto recommends restricting access to trusted networks and applying mitigations while a patch is scheduled to be released within the coming weeks.