Palo Alto readies firewall zero-day patch

Palo Alto Networks said it is preparing a software patch for a recently reported zero-day affecting PAN-OS, the software that runs its next-generation firewalls, and told customers to apply temporary mitigations while they wait. The company did not publicly give a full patch timetable in the vendor post referenced by researchers, but its security advisories and release-note pages show PAN-OS updates are being posted on an ongoing basis. Researchers flagged the issue on May 18, and exploit discussion spread quickly on security forums, according to the social briefing provided for this story. Palo Alto Networks’ documentation says PAN-OS is the operating system for its next-generation firewalls. ### Which product is affected here? PAN-OS is the affected software family, and Palo Alto Networks says PAN-OS runs its next-generation firewalls. That matters because the issue is tied to the management software layer customers use across physical and virtual firewall deployments, rather than to a consumer application or endpoint tool. Palo Alto Networks’ public security advisory portal lists hundreds of PAN-OS advisories and is the company’s main channel for publishing affected versions, unaffected versions and remediation status. (docs.paloaltonetworks.com) The company’s release-note update page also shows recent PAN-OS documentation changes on May 15 for versions 10.2, 11.1 and 11.2. ### What has Palo Alto Networks said customers should do right now? (docs.paloaltonetworks.com) Palo Alto Networks urged customers to apply temporary mitigations and monitor PAN-OS updates, according to the context provided for this story. The company’s advisory practice is to publish version-specific guidance through its security portal, where customers can check whether a fix is available for a given branch. The company’s advisory page currently shows some PAN-OS fixes carrying “ETA: 05/28” for certain versions on recently published entries, underscoring that customers may need to track branch-by-branch release timing rather than expect one universal update at once. (security.paloaltonetworks.com) That timetable on the advisory page relates to listed PAN-OS releases and should be checked directly against the customer’s deployed version. ### How fast did exploit information spread? Researchers flagged the flaw on May 18, and exploit details circulated on security forums soon after, according to the social briefing supplied with this assignment. The same briefing said proof-of-concept code appeared within 48 hours. Palo Alto Networks’ own recent threat reporting shows the company has been dealing with actively exploited PAN-OS flaws this month. (security.paloaltonetworks.com) Unit 42, the company’s threat-intelligence arm, published a threat brief last week on exploitation of CVE-2026-0300, a PAN-OS Captive Portal zero-day, and outside security outlets reported active attacks against firewall devices. ### Is there an official patch date yet? (security.paloaltonetworks.com) Palo Alto Networks has not publicly specified a full patch timeframe in the vendor post referenced in this story. The company’s security advisory portal, however, is already using dated release targets for some PAN-OS fixes, including May 28 ETAs on certain listed versions. The release-note updates page is the other place customers should watch. Palo Alto Networks says that page tracks recently updated release notes, and it showed PAN-OS entries updated as recently as May 15. (unit42.paloaltonetworks.com) ### Where should customers look next? Palo Alto Networks’ security advisory portal is the primary source for affected versions, mitigations and fixed releases. (security.paloaltonetworks.com) The company’s release-note pages provide the version-by-version publication trail for PAN-OS updates. May 28 is the next concrete date visible on Palo Alto Networks’ advisory site for some PAN-OS fixes, and customers should compare that guidance with their deployed 10.2, 11.1, 11.2 or 12.1 branches as new entries are posted. (docs.paloaltonetworks.com) (security.paloaltonetworks.com)