2026-006: Critical Vulnerability in PAN-OS
On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges. Palo Alto observed limited exploitation of this vulnerability. It is strongly recommended updating affected appliances as soon as patches will be available, and to apply workarounds and mitigation in the meantime.
CSIRTS triage
- What
- The vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges.
- Who is affected
- Affected appliances running PAN-OS are vulnerable.
- Urgency
- Remediation is strongly recommended due to limited exploitation observed.
- Action
- Update affected appliances as soon as patches are available.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch PAN-OS
Get an email when a new PAN-OS advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cert.europa.eu/publications/security-advisories/2026-006/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Elevated exploitation riskCVE-2026-030032.1% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 98% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-0300 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- criticalexploitedCVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication …paloalto
- criticalexploitedCVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerabilitycisa-kev
Recent advisories for 2026-006
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalDrupal core - Moderately critical - Gadget chain - SA-CORE-2026-006drupal · 2026-06-17
More from CERT-EU Security Advisories
- critical2026-008: Critical vulnerabilities in Ivanti Sentry2026-06-10
- critical2026-007: Critical Vulnerability in Windows Netlogon2026-06-10
- high2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")2026-04-30
- critical2026-004: Critical Vulnerability in SharePoint Exploited2026-03-25
- unknown2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADC2026-03-23