Tag

#palo-alto

2 posts tagged #palo-alto.

Analysis · May 8, 2026 · The Commentary Desk

Three root shells in seven months. All from the same firewall.

CVE-2024-3400, CVE-2024-0012, and CVE-2024-9474 gave attackers unauthenticated root on Palo Alto firewalls twice in 2024. The pattern isn't bad luck. It's the architecture.
Analysis · May 7, 2026 · The Field Notes Desk

CISA says patch by Friday. Palo Alto's fix ships next Tuesday.

CVE-2026-0300 is an unauthenticated RCE in PAN-OS Captive Portal, exploited since April 9 by a state-aligned actor. The KEV deadline is May 9. The first patch lands May 13. Here's what to do with the four days in between.