CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-0300 to the KEV Catalog and ordered FCEB agencies to secure vulnerable firewalls by May 9, 2026. The federal directive makes the exploited PAN-OS flaw an immediate remediation priority. It matters because the bug enables unauthenticated remote code execution on internet-exposed firewalls that protect sensitive networks.
Related Happenings
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA KEV update and FCEB remediation deadline
Public Sector Action
H score33
First: 10.06.2026 17:44
Last: 10.06.2026 17:44
Sources 1
About this happening:
**CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV update and FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
H score59
First: 15.05.2026 08:28
Last: 15.05.2026 08:28
Sources 1
About this happening:
**CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
H score33
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector ActionAbout this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)
Advisory/Mitigation
H score77
First: 06.05.2026 09:14
Last: 06.05.2026 09:14
Sources 1
How related:
Until security updates are available, the company "strongly" advised customers to secure access to the PAN-OS User-ID Authentication Portal by restricting access to trusted zones only, or by disabling the portal if that's not possible, which mitigates the risk of this issue.
About this happening:
Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...
PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)
Advisory/MitigationHow related: Until security updates are available, the company "strongly" advised customers to secure access to the PAN-OS User-ID Authentication Portal by restricting access to trusted zones only, or by disabling the portal if that's not possible, which mitigates the risk of this issue.
About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...
Timeline
-
07.05.2026 13:57 1 articles · 2mo ago
April 9, 2026 failed PAN-OS exploitation attempts
Exploitation ObservedFailed exploitation attempts against an Internet-exposed PAN-OS device began on April 9, 2026, marking the start of probing against CVE-2026-0300 before any confirmed compromise.
Show sources
- Palo Alto Networks firewall zero-day exploited for nearly a month — www.bleepingcomputer.com — 07.05.2026 13:57
-
07.05.2026 13:57 1 articles · 2mo ago
Attackers achieve RCE and clean up evidence
Exploitation ObservedA week after the initial failures, the attackers achieved unauthenticated remote code execution against the PAN-OS device, injected shellcode, cleared crash kernel messages and nginx crash records, removed crash core dump files, and deployed Earthworm and ReverseSocks5 tunneling tools to sustain access.
Show sources
- Palo Alto Networks firewall zero-day exploited for nearly a month — www.bleepingcomputer.com — 07.05.2026 13:57
-
07.05.2026 13:57 2 articles · 2mo ago
CISA adds CVE-2026-0300 to KEV and orders federal remediation
Legal Policy Action UpdateCISA added CVE-2026-0300 to the Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch agencies to secure vulnerable firewalls by Saturday midnight, May 9, 2026.
Show sources
- Palo Alto Networks firewall zero-day exploited for nearly a month — www.bleepingcomputer.com — 07.05.2026 13:57
- Palo Alto Networks firewall zero-day exploited for nearly a month — www.bleepingcomputer.com — 07.05.2026 13:57
-
07.05.2026 13:57 1 articles · 2mo ago
Palo Alto Networks warns of CVE-2026-0300 exploitation
Initial DisclosurePalo Alto Networks warned customers that suspected state-sponsored hackers had been exploiting CVE-2026-0300 in PAN-OS for nearly a month, said exploitation was limited, noted that Cloud NGFW and Panorama were not affected, and advised restricting the PAN-OS User-ID Authentication Portal to trusted zones or disabling it until patches expected on May 13 became available. Shadowserver also tracked more than 5,400 exposed PAN-OS VM-series firewalls, most of them in Asia and North America.
Show sources
- Palo Alto Networks firewall zero-day exploited for nearly a month — www.bleepingcomputer.com — 07.05.2026 13:57