Critical Palo Alto Networks software bug hits exposed firewalls

Summary

Palo Alto Networks has issued a warning about a critical buffer overflow vulnerability in its PAN-OS software, specifically affecting the User-ID authentication portal. This flaw, already being exploited in the wild, allows unauthenticated attackers to gain root privileges on exposed firewalls.

IFF Assessment

FOE

The article details a critical vulnerability that is actively being exploited, posing a significant risk to organizations using affected Palo Alto Networks firewalls.

Severity

9.3 Critical

The CVSS score of 9.3 is assigned because the vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges, which is a critical impact. Exploitability is high because the flaw affects internet-exposed firewalls.

CISA KEV: Listed as actively exploited. Federal patch due: May 09, 2026. Known ransomware use: Unknown.

Defender Context

Defenders need to immediately assess their Palo Alto Networks firewall configurations, particularly any publicly exposed User-ID authentication portals. Promptly applying the available workarounds and preparing for the upcoming patches are crucial to mitigating the risk of exploitation.
