Internet facing PAN OS firewalls are once again doing impressions of initial access brokers State backed hackers have been quietly exploiting a fresh zero day in Palo Alto Networks firewalls to gain root access with no login required. The flaw, tracked as CVE 2026 0300 and carrying a CVSS severity rating of 9.3, affects the Captive Portal feature in PAN OS on PA Series and VM Series firewalls. Palo Alto said the issue stems from a memory corruption bug in the User ID Authentication Portal, a...
