Federal agencies face a hard deadline today to mitigate CVE-2026-0300, a critical buffer overflow vulnerability in Palo Alto Networks' PAN-OS software that has been exploited in the wild for several weeks.
The vulnerability exists in the way PAN-OS handles specific types of malformed GlobalProtect authentication requests. It allows an unauthenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux kernel of the firewall. CISA has confirmed active exploitation by multiple threat actors (attributed to UNC3886) to establish persistent beachheads within government and defense-industrial base networks.
Organizations must immediately upgrade to PAN-OS versions 11.2.4-h3, 10.1.14, or higher. If patching is not immediately possible, CISA recommends disabling the GlobalProtect feature or applying a temporary packet filtering rule to drop incoming /ssl-vpn/login.php requests containing unusually large header values.
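
To check a firewall inventory against the fixed releases named above, the following Python is an added example, not code from CISA or Palo Alto Networks. It assumes 11.2.4-h3 is the fix for the 11.2 release train and 10.1.14 for the 10.1 train, and marks any other train or unparseable string for manual review because the text lists no fixed build for it. The hostnames, sample versions and function names are constructed for illustration.

```python
import re

# Fixed releases as listed in the text above, keyed by (major, minor) train.
# Assumption: each listed build is the fix for its own train only.
FIXED = {(11, 2): (11, 2, 4, 3), (10, 1): (10, 1, 14, 0)}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Turn '11.2.4-h3' into (11, 2, 4, 3); a missing hotfix counts as 0."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def triage(version_text):
    """Return 'ok', 'upgrade', or 'review' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # cannot decide on a string we cannot parse
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # No fixed build is listed for this train, so do not guess.
        return "review"
    return "ok" if version >= fixed else "upgrade"


def triage_inventory(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-01": "11.2.4-h3",
    "fw-edge-02": "11.2.4-h2",
    "fw-dc-01": "10.1.14",
    "fw-dc-02": "10.1.13-h5",
    "fw-lab-01": "11.1.6",
    "fw-lab-02": "10.1.x",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {status}")
```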