Palo Alto Firewalls Being Exploited; No Patch Yet Available
bankinfosecurity
Vendor Details Mitigations, Promises Patched PAN-OS Software in Coming Weeks
Mathew J. Schwartz (euroinfosec) • May 6, 2026

A critical vulnerability in firewalls built by Palo Alto Networks is under active exploitation - and the flaw has no patch.
In a Wednesday alert, Palo Alto Networks said a buffer overflow vulnerability is present in a captive portal feature built into PAN-OS software that runs the company's appliances. The portal authenticates unknown users accessing a company's internal network.
Exploiting the buffer overflow vulnerability "allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets," the alert says. The firm calls its captive portal "User-ID."
Palo Alto Networks on Wednesday reported seeing "limited exploitation" of the flaw for customers who exposed the portal to the ...
Copyright of this story solely belongs to bankinfosecurity.

