Palo Alto firewall zero-day has been exploited since April to gain root access

A critical Palo Alto Networks PAN-OS zero-day has been exploited in the wild since April 2026, giving attackers a path to unauthenticated remote code execution with root privileges on affected firewalls. The flaw is tracked as CVE-2026-0300 and affects the User-ID Authentication Portal, also known as Captive Portal, in PAN-OS. Attackers can exploit it by […] The post Palo Alto firewall zero-day has been exploited since April to gain root access appeared first on VPN Central.