Palo Alto Networks Zero-Day Exploited to Hack Firewalls
Palo Alto Networks is set to patch a critical zero-day vulnerability, CVE-2026-0300, which SecurityWeek reports is actively being exploited in the wild. This flaw specifically impacts the Captive Portal service within PAN-OS software, affecting both PA and VM series firewalls.
This isn’t just another vulnerability; it’s a zero-day actively leveraged against critical network infrastructure. Attackers are clearly targeting the perimeter, aiming for initial access to corporate networks. The exploitation of a firewall, especially through a service like Captive Portal, offers a high-value entry point, potentially bypassing traditional perimeter defenses and gaining a foothold for lateral movement or data exfiltration.
For defenders, this means immediate action. Firewalls are the bedrock of network security, and any compromise here is catastrophic. The attacker’s calculus is straightforward: find the weakest link at the edge, exploit it, and then move deeper. A successful exploit of this zero-day could grant persistent access, enabling long-term espionage or disruptive attacks.
What This Means For You
- If your organization uses Palo Alto Networks PA or VM series firewalls with the Captive Portal service enabled, you need to identify exposure and prepare for patching immediately. Prioritize this. Do not wait. Audit your firewall logs for any unusual activity from external sources, especially activity involving Captive Portal.
Detection Rules
Palo Alto Networks Captive Portal Zero-Day Exploitation Attempt
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-0300 | Auth Bypass | Palo Alto Networks PAN-OS software on PA series firewalls |
| CVE-2026-0300 | Auth Bypass | Palo Alto Networks PAN-OS software on VM series firewalls |
| CVE-2026-0300 | Auth Bypass | Captive Portal service of PAN-OS software |