Security3 min read
Palo Alto Networks Firewall Zero-Day Likely Exploited by State-Sponsored Actors
Tags Infrastructure ยท Enterprise
Help Net Securityยท
Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. The buffer overflow vulnerability in the User-ID Authentication Portal service can be exploited by unauthenticated attackers sending specially crafted packets to internet-facing instances.
Technical significance
State-sponsored exploitation of a firewall zero-day is a serious escalation. Palo Alto firewalls are ubiquitous in enterprise and government networks, making this a high-value target. The unauthenticated nature of the exploit and the state-sponsored attribution suggest this is part of a broader campaign targeting network infrastructure.