Palo Alto dropped four PAN-OS remote code execution advisories in a single batch — the worst of which, CVE-2026-0300, is a CVSS 9.8 unauthenticated buffer overflow in the User-ID authentication portal. No exploit has been observed in the wild yet, but an internet-facing auth page on one of the most widely deployed NGFW platforms is the kind of target that gets weaponized fast. Meanwhile, an 18-year-old heap overflow in the NGINX rewrite module surfaced at CVSS 9.2, and the G7 published the first coordinated government guidance on AI supply chain transparency.

In the News

PAN-OS User-ID Portal RCE: CVSS 9.8 Buffer Overflow, No Auth Required

Palo Alto Networks disclosed CVE-2026-0300, a critical-severity buffer overflow in the PAN-OS User-ID authentication portal. The flaw allows an unauthenticated attacker to achieve remote code execution on the firewall itself — no credentials, no prior access, no user interaction. The User-ID portal is commonly enabled on internet-facing interfaces to support captive portal authentication and user-to-IP mapping.

The same advisory batch included three additional high-severity PAN-OS flaws: CVE-2026-0264 (CVSS 8.1), a heap-based buffer overflow in the DNS proxy that enables unauthenticated RCE; CVE-2026-0263 (CVSS 8.1), an RCE in IKEv2 processing that affects site-to-site and remote access VPN configurations; and CVE-2026-0265 (CVSS 8.1), an authentication bypass when Cloud Authentication Service (CAS) is enabled on PAN-OS.

None of the four flaws have been observed under active exploitation as of this writing, but the combination of unauthenticated attack vectors and the prevalence of PAN-OS in enterprise perimeters makes rapid weaponization a reasonable assumption. Two additional lower-severity PAN-OS advisories were published in the same cycle: CVE-2026-0244 (CVSS 5.9, improper certificate validation in Prisma SD-WAN) and CVE-2026-0258 (CVSS 6.5, SSRF in IKEv2 certificate URL fetching).

What defenders should do: Patch to the fixed PAN-OS versions specified in each advisory immediately. If patching requires a maintenance window, disable the User-ID authentication portal on any internet-facing interface as a compensating control. Audit DNS proxy and IKEv2 VPN configurations — disable features that are enabled but not operationally required. Monitor Palo Alto’s advisory page for updates on exploitation status.

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

CVE-2026-42945 is a heap buffer overflow in the NGINX rewrite module — a component used by the vast majority of NGINX deployments to handle URL rewriting, redirects, and request routing. The vulnerability has existed in the codebase for approximately 18 years and carries a CVSS score of 9.2. Exploitation enables unauthenticated remote code execution.

The blast radius here is significant. NGINX is the most widely deployed web server and reverse proxy on the internet. It sits in front of web applications, API gateways, load balancers, Kubernetes ingress controllers, and the management consoles of security products themselves. Many organizations do not maintain a comprehensive inventory of where NGINX is running — it is embedded in appliances, containers, and cloud services in ways that are not always visible to patch management tooling.

What defenders should do: Patch all NGINX instances immediately. The harder task is finding them all — conduct an asset inventory sweep for NGINX binaries, container images, and appliance firmware that bundles NGINX. Deploy web application firewall rules to detect heap spray patterns targeting the rewrite module as a compensating control for instances that cannot be patched immediately.
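The inventory sweep described above is easier to act on when the `nginx -v` banners you collect from hosts, containers and appliances are normalised and compared against the fixed release in one place. The following Python is an added example written for this brief, not code from the NGINX project or the advisory; it assumes your SSH or configuration-management tooling has already gathered the banners into a dictionary, and the fixed version is a placeholder because the brief does not state it.

```python
import os
import re
import shutil
import subprocess
from typing import Optional

# Placeholder: the fixed NGINX release for CVE-2026-42945 is not given in the
# brief; substitute the version from the vendor advisory before use.
FIXED_VERSION = (0, 0, 0)

_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_nginx_version(banner: str) -> Optional[tuple]:
    """Parse 'nginx version: nginx/1.25.3' (the `nginx -v` banner, which NGINX
    prints on stderr) into (1, 25, 3). Returns None when no version is present,
    which is itself a finding: the instance needs manual follow-up."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_patch(version: tuple, fixed: tuple = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release."""
    return version < fixed


def collect_local_banner() -> Optional[str]:
    """Run `nginx -v` against the first NGINX binary found on this host
    (PATH first, then the conventional install locations)."""
    candidates = [shutil.which("nginx"), "/usr/sbin/nginx",
                  "/usr/local/nginx/sbin/nginx"]
    for exe in candidates:
        if exe and os.path.isfile(exe):
            proc = subprocess.run([exe, "-v"], capture_output=True, text=True)
            return proc.stderr + proc.stdout
    return None


def build_report(banners: dict, fixed: tuple = FIXED_VERSION) -> dict:
    """Given {host_or_image: banner_text} gathered by your SSH or
    config-management tooling, return {name: 'patch' | 'ok' | 'unknown'}."""
    report = {}
    for name, banner in banners.items():
        version = parse_nginx_version(banner or "")
        if version is None:
            report[name] = "unknown"
        else:
            report[name] = "patch" if needs_patch(version, fixed) else "ok"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; the fixed version 1.27.0 is illustrative only.
    sample = {
        "web-01": "nginx version: nginx/1.24.0",
        "ingress-controller:latest": "nginx version: nginx/1.25.3",
        "appliance-fw": "",  # banner not retrievable: needs manual follow-up
    }
    local = collect_local_banner()
    if local:
        sample["localhost"] = local
    for name, status in build_report(sample, fixed=(1, 27, 0)).items():
        print(f"{name:30s} {status}")
```

Instances reported as `unknown` are the ones the brief warns about: appliances and images that bundle NGINX without exposing a version string, which patch management tooling will not catch on its own.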

MuddyWater and FamousSparrow Expand Targeting Across Energy and Electronics

Two nation-state campaigns are broadening their scope into manufacturing and energy supply chains. MuddyWater (also tracked as Seedworm), attributed to Iran’s Ministry of Intelligence and Security (MOIS), targeted at least nine organizations across multiple sectors. Targets include a major South Korean electronics manufacturer — a notable geographic expansion for a group historically focused on Middle Eastern and South Asian targets.

Separately, FamousSparrow, a China-linked APT, conducted a multi-wave intrusion against an Azerbaijani oil and gas company between December 2025 and February 2026. Initial access was achieved through Microsoft Exchange exploitation — a vector FamousSparrow has used consistently since the ProxyLogon era. The three-month dwell period before detection underscores the persistent challenge of identifying hands-on-keyboard operators in environments where Exchange is internet-facing.

What defenders should do: Organizations in manufacturing and energy should treat Exchange hardening as a top priority: ensure all Exchange servers are fully patched, restrict internet-facing exposure, and deploy email security controls that detect post-authentication lateral movement. Implement network detection and response covering east-west traffic, and enforce segmentation between IT and OT network zones. MITRE ATT&CK techniques to monitor: T1190 (Exploit Public-Facing Application), T1078 (Valid Accounts), T1071 (Application Layer Protocol).

G7 Releases First Coordinated AI SBOM Guidance

The G7 published coordinated guidance on AI software bills of materials, establishing the first multi-government framework for transparency requirements in AI supply chains. The guidance targets organizations that build, procure, or deploy AI-integrated products and calls for disclosure of training data provenance, model lineage, dependency inventories, and risk assessments.

For cybersecurity, this matters because AI components are now embedded in security products at every layer — XDR correlation engines, email threat detection models, user and entity behavior analytics, and automated response playbooks. The G7 guidance signals that procurement teams will soon require the same transparency from AI model components that SBOM mandates already require from traditional software dependencies. Organizations that cannot document what is inside their AI models will face procurement friction.

What defenders should do: Start requiring AI transparency documentation from security vendors as part of RFP processes now, before formal regulatory mandates arrive. Extend existing software supply chain governance programs to cover AI model components, training data sources, and inference pipeline dependencies.

Today’s Deep Dive — Foxconn, West Pharma, and the Ransomware Supply Chain Problem

Two ransomware incidents this week illustrate the operational reality of supply chain risk in manufacturing and pharmaceuticals. Foxconn confirmed that the Nitrogen ransomware group hit its North American factory operations, with the threat actor claiming 8TB of exfiltrated data. Separately, West Pharmaceutical Services — a major manufacturer of pharmaceutical packaging and drug delivery components — confirmed that attackers exfiltrated data and encrypted systems in an attack whose specifics remain under investigation.

The pattern is consistent with the double-extortion model that has dominated ransomware operations since Maze popularized it in 2019: exfiltrate first, encrypt second, negotiate under the threat of data publication. The targeting is also consistent — manufacturing and pharmaceutical companies operate environments where downtime has immediate physical consequences (production halts, supply chain disruption, patient safety implications), which increases the pressure to pay.

From a defensive standpoint, the common thread is the convergence of IT and OT risk. Manufacturing environments running legacy systems alongside modern IT infrastructure create lateral movement pathways that threat actors exploit to move from initial access in corporate IT to operational technology networks. Segmentation between IT and OT, immutable backups that have been tested through actual restoration exercises, and endpoint detection that covers both Windows servers and Linux-based industrial controllers are the primary controls.

MITRE ATT&CK mapping: T1486 (Data Encrypted for Impact), T1567 (Exfiltration Over Web Service), T1021 (Remote Services for lateral movement), T1071 (Application Layer Protocol for C2).

Detection Spotlight

This week’s detection focuses on identifying anomalous DNS proxy activity on PAN-OS devices — relevant to CVE-2026-0264 (DNS proxy heap overflow). If your PAN-OS firewalls forward DNS logs to a SIEM, the following Splunk SPL query surfaces DNS query patterns that may indicate heap spray attempts targeting the proxy service. Look for unusually long DNS labels (>63 bytes per label is a protocol violation) or high-frequency queries from a single source to the firewall’s DNS proxy interface.

index=pan_logs (sourcetype="pan:threat" OR sourcetype="pan:traffic")
(app="dns" OR dest_port=53)
| eval query_len=len(query)
| where query_len > 200
| stats count AS long_query_count dc(query) AS unique_queries latest(_time) AS last_seen BY src_ip dest_ip
| where long_query_count > 50 OR unique_queries > 500
| sort -long_query_count
| table src_ip dest_ip long_query_count unique_queries last_seen

This query looks for sources sending DNS queries with abnormally long query strings (>200 characters) or high cardinality query patterns to PAN-OS firewall IPs acting as DNS proxies. Legitimate DNS queries rarely exceed 100 characters in the query field. False positive rate is low in environments where DNS proxy is used for standard recursive resolution — tune the threshold down if you see noise from internal DNS forwarding chains. Pair this with a check for PAN-OS DNS proxy crash logs (device_event_class_id=system with “dns” and “crash” or “restart” in the message) to detect successful exploitation attempts.
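For analysts who want to dry-run the same logic outside Splunk, or whose firewalls forward logs to a different SIEM, the following Python is an added example for this brief (not from Palo Alto Networks or the Splunk add-on). It reproduces the SPL pipeline over records with the same field names, and goes one step further than the query by also flagging any source that sends a name breaking the RFC 1035 label limit mentioned above, whatever its volume. The sample records are constructed, not real PAN-OS output.

```python
from collections import defaultdict

RFC1035_MAX_LABEL = 63   # octets per label
RFC1035_MAX_NAME = 253   # characters in presentation form, trailing dot excluded


def label_violation(qname: str) -> bool:
    """True when a name breaks RFC 1035 limits: a label over 63 octets or a
    whole name over 253 characters. Well-behaved resolvers never emit these,
    so even one such query to the DNS proxy is worth a look."""
    name = qname.rstrip(".")
    if len(name.encode()) > RFC1035_MAX_NAME:
        return True
    return any(len(label.encode()) > RFC1035_MAX_LABEL for label in name.split("."))


def is_dns_proxy_crash(message: str) -> bool:
    """Mirror of the system-log check in the brief: a PAN-OS system message
    mentioning dns together with crash or restart."""
    text = message.lower()
    return "dns" in text and ("crash" in text or "restart" in text)


def find_suspicious_sources(records, long_query_len=200, min_long_queries=50,
                            min_unique=500):
    """Python equivalent of the SPL pipeline, plus the label check: a
    (src_ip, dest_ip) pair is reported when it exceeds either volume threshold
    or sent any protocol-violating name. `records` are dicts carrying the
    fields the query uses: _time, src_ip, dest_ip, query."""
    stats = defaultdict(lambda: {"long_query_count": 0, "unique": set(),
                                 "label_violations": 0, "last_seen": 0})
    for rec in records:
        entry = stats[(rec["src_ip"], rec["dest_ip"])]
        qname = rec["query"]
        entry["last_seen"] = max(entry["last_seen"], rec["_time"])
        if label_violation(qname):
            entry["label_violations"] += 1
        if len(qname) > long_query_len:        # eval query_len / where query_len > 200
            entry["long_query_count"] += 1     # stats count
            entry["unique"].add(qname)         # stats dc(query)
    alerts = []
    for (src, dst), entry in stats.items():
        unique = len(entry["unique"])
        if (entry["long_query_count"] > min_long_queries or unique > min_unique
                or entry["label_violations"] > 0):
            alerts.append({"src_ip": src, "dest_ip": dst,
                           "long_query_count": entry["long_query_count"],
                           "unique_queries": unique,
                           "label_violations": entry["label_violations"],
                           "last_seen": entry["last_seen"]})
    # sort -long_query_count
    return sorted(alerts, key=lambda a: a["long_query_count"], reverse=True)


def constructed_records():
    """Constructed sample log records (not real PAN-OS output) for a dry run."""
    recs = []
    # Ordinary resolver traffic from one client: should not alert.
    for i in range(3):
        recs.append({"_time": 100 + i, "src_ip": "10.1.1.5", "dest_ip": "10.0.0.1",
                     "query": f"host{i}.example.com"})
    # One client sending 60 distinct 205-character names to the firewall's DNS proxy.
    for i in range(60):
        name = f"{i:04d}." + ".".join(["a" * 62] * 3) + ".example.com"
        recs.append({"_time": 200 + i, "src_ip": "10.1.1.9", "dest_ip": "10.0.0.1",
                     "query": name})
    # A single query carrying a 70-octet label: a protocol violation on its own.
    recs.append({"_time": 300, "src_ip": "10.1.1.7", "dest_ip": "10.0.0.1",
                 "query": "b" * 70 + ".example.com"})
    return recs


if __name__ == "__main__":
    for alert in find_suspicious_sources(constructed_records()):
        print(alert)
    print(is_dns_proxy_crash("dnsproxy process restarted unexpectedly"))
```

The volume thresholds default to the query's values (200 characters, 50 long queries, 500 distinct) and can be tuned per environment; the label check has no threshold because a label over 63 octets cannot originate from a conforming resolver.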

Subscribe to the it-learn Brief

Get the daily cybersecurity brief in your inbox every weekday morning — news, SE angles, and detection queries.