INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Palo Alto PAN-OS Flaw Exploited for Remote Code Execution
2026-05-06 08:52 | CRITICAL HIGH
Executive Summary AI-generated
The Palo Alto Networks PAN-OS vulnerability, CVE-2026-0300, is a critical issue that affects the popular firewall operating system used by many Fortune 500 companies. The flaw allows unauthenticated remote code execution on certain firewalls with specific settings configured, particularly when the User-ID portal is exposed to the internet. A patch has not been published yet and Palo Alto Networks expects it will be included in releases over the next two weeks. Incident response firm Rapid7 warned that a patch is likely to be released for many versions by May 13, citing multiple bugs affecting lines of firewalls from 2024 that were exploited by cybercriminals and nation-state actors.
Technical Mitigations AI-generated
* Restrict access to User-ID Authentication Portal: Limiting access to the User-ID Authentication Portal per best practice guidelines can reduce the risk of exploitation. This includes restricting IP addresses and configuring settings to only allow trusted internal networks.
* Use a secure authentication protocol: Implementing a secure authentication protocol, such as OAuth or OpenID Connect, can help prevent unauthorized access to systems with exposed User-ID Authentication Portals.
* Implement rate limiting on User-ID Authentication Portal requests: Limiting the number of requests made to the User-ID Authentication Portal per minute can reduce the risk of exploitation by hackers who may try to flood the system with requests.
* Monitor for suspicious activity: Regularly monitoring for suspicious activity, such as unusual login attempts or changes in access permissions, can help identify potential security incidents before they escalate into a full-blown attack.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-0300
Target & Sectors
Global Scope
Incident Timeline
May 06, 2026
Threat actors exploited a critical buffer overflow vulnerability in Palo Alto Networks PAN-OS software.
Ravie Lakshmanan
May 06, 2026
Vulnerability / Network Security
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild.
2026/05/06
Palo Alto Networks PAN-OS flaw exploited for remote code execution.
Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution.
A patch has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.
The vulnerability affects the PAN-OS software and the PA-Series and VM-Series firewalls that have certain settings configured.
Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild.
It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any untrusted network.
Palo Alto Networks says the flaw is being exploited in a limited way, mainly against systems where the User-ID Authentication Portal is exposed to the public internet.
“A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets,” reads the advisory published by Palo Alto Networks.
“The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines by restricting access to only trusted internal IP addresses.”
Below is the list of impacted products:
Cloud NGFW - Affected: None; Unaffected: All
PAN-OS 12.1 - Affected: < 12.1.4-h5, < 12.1.7; Unaffected: >= 12.1.4-h5 (ETA: 05/13), >= 12.1.7
Palo Alto Networks said the exploitation was focused on authentication portals that are exposed to untrusted IP addresses or the public internet.
The severity comes down to 8.7 if access to the portal is restricted to only trusted internal IP addresses.
PAN-OS 11.1 - Unaffected: ... >= 11.1.7-h6 (ETA: 05/28), >= 11.1.10-h25 (ETA: 05/13), >= 11.1.13-h5 (ETA: 05/13), >= 11.1.15 (ETA: 05/28)
PAN-OS 10.2 - Affected: < 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6; Unaffected: >= 10.2.7-h34 (ETA: 05/28), >= 10.2.10-h36 (ETA: 05/13), >= 10.2.13-h21 (ETA: 05/28), >= 10.2.16-h7 (ETA: 05/28), >= 10.2.18-h6 (ETA: 05/13)
Prisma Access - Affected: None; Unaffected: All
The cybersecurity vendor states that the issue doesn’t impact Prisma Access, Cloud NGFW and Panorama appliances.
PAN-OS is a popular firewall operating system used by many Fortune 500 companies.
The company also said the vulnerability is applicable only to PA-Series and VM-Series firewalls that are configured to use the User-ID Authentication Portal.
May 13, 2026
Palo Alto Networks' PAN-OS flaw was exploited for remote code execution.
The following versions are impacted by the flaw -
PAN-OS 12.1 - < 12.1.4-h5, < 12.1.7
PAN-OS 11.2 - < 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12
PAN-OS 11.1 - < 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15
PAN-OS 10.2 - < 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6
The issue, as it stands, is unpatched, with Palo Alto Networks planning to release fixes starting May 13, 2026.
“Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk.”
Pierluigi Paganini (SecurityAffairs – hacking, PAN-OS)
May 13
Threat actors exploited a vulnerability in Palo Alto Networks PAN-OS to gain remote access.
Intelligence Sources
The Hacker News
2026-05-06
Security Affairs
2026-05-06
Palo Alto Networks PAN-OS flaw exploited for remote code execution
Security Affairs
TheRecord
2026-05-06
Incident Version History
CURRENT VERSION
Last Updated: 2026-05-07T06:04