Palo Alto dropped three high-severity advisories on Wednesday, two of which deliver remote code execution against core NGFW services — IKEv2 VPN processing and DNS proxy. The same day, researchers confirmed that FortiClient EMS, patched in April for CVE-2026-35616, is being actively exploited to turn endpoint management infrastructure into a credential-stealer delivery mechanism. Meanwhile, Microsoft documented a supply chain campaign that planted 14 typosquatted npm packages designed to steal AWS credentials and CI/CD secrets from build pipelines. The common thread: the things organizations trust most — their firewalls, their endpoint management, their package registries — are the things being weaponized.
In the News
PAN-OS IKEv2 RCE — CVE-2026-0263
Palo Alto published advisory CVE-2026-0263 for a remote code execution vulnerability in PAN-OS IKEv2 processing. The flaw affects firewalls running IKEv2 for site-to-site VPN tunnels or GlobalProtect IPsec connections — both of which place the vulnerable service directly on the internet-facing interface.
No exploitation has been observed yet, but the attack surface is inherently exposed. IKEv2 negotiation happens before any authentication context is established at the application layer, which means the parsing code runs against attacker-controlled packets from any source IP. Palo Alto rates the vulnerability high severity. Patches are available for affected PAN-OS versions as of May 28.
This is the third high-severity PAN-OS VPN flaw in the past 12 months. Organizations running PAN-OS with IKEv2 enabled should treat this as a priority patch — waiting for a monthly maintenance window is not appropriate for internet-facing RCE in VPN infrastructure. For defenders tracking VPN appliance vulnerabilities as an attack surface category, this reinforces the pattern: the perimeter device itself remains a high-value target.
What defenders should do: Patch PAN-OS immediately. If patching is delayed, disable IKEv2 and move IPsec tunnels to IKEv1 as a temporary compensating control. Audit firewall management and VPN interfaces for unnecessary internet exposure.
PAN-OS DNS Proxy RCE — CVE-2026-0264
The second PAN-OS advisory, CVE-2026-0264, is arguably more dangerous operationally. It is an unauthenticated heap overflow in the DNS proxy and DNS server features built into PAN-OS. An attacker who can send DNS queries to an affected firewall — a low bar, given that many organizations configure their NGFW as a DNS forwarder for internal clients — can achieve remote code execution without any credentials.
The unauthenticated nature of this flaw changes the threat model significantly compared to CVE-2026-0263. DNS traffic is ubiquitous, expected, and rarely inspected at the packet level for exploitation attempts against the resolver itself. Detection is difficult because legitimate DNS query volume provides natural cover for exploitation traffic.
A third PAN-OS advisory, CVE-2026-0265, addresses an authentication bypass in the Cloud Authentication Service (CAS) used for SSO to NGFW management. While the blast radius is narrower (only organizations using CAS for management plane access), it represents a direct path to firewall administrative control. All three advisories landed in the same patch cycle, which means organizations need a single coordinated change window to address all three — not three separate tickets. For context on NGFW hardening best practices, the pattern is consistent: disable features you do not use, patch the ones you do.
What defenders should do: Patch PAN-OS. Disable DNS proxy and DNS server features if they are not operationally required. If the firewall must serve DNS, restrict source IPs to internal subnets only. Audit CAS configurations for CVE-2026-0265 exposure.
FortiClient EMS Exploited to Distribute Credential Stealers
CVE-2026-35616, a vulnerability in Fortinet’s FortiClient Enterprise Management Server patched in April, is now being actively exploited in the wild. The attack is notable not for the initial access vector — which is a standard server-side vulnerability — but for what happens after compromise. Threat actors are using the EMS instance itself as a distribution point for credential-stealing malware, pushing malicious payloads to managed endpoints through the legitimate management channel.
This is management plane compromise in its purest form. The endpoint agents trust their management server by design. When that server is compromised, every managed endpoint becomes a target that will accept and execute whatever the server sends — including infostealer malware. The detection challenge is severe: the malware arrives through the same channel as legitimate configuration updates and policy pushes.
Organizations running FortiClient EMS should have patched in April. Those that did not are now facing active exploitation. The broader lesson applies to every centralized management platform: the management server is a tier-zero asset. It deserves the same patching urgency, access controls, and monitoring as a domain controller.
What defenders should do: Patch FortiClient EMS immediately. Monitor EMS servers for anomalous outbound connections and unexpected binary distribution to endpoints. Treat management infrastructure as tier-zero — isolate it, restrict administrative access, and alert on any behavioral deviation.
npm Supply Chain Attack Steals AWS and CI/CD Credentials
Microsoft’s security team documented a campaign dubbed Mini Shai-Hulud in which 14 malicious npm packages were published within a four-hour window. The packages typosquatted popular OpenSearch and ElasticSearch client libraries — close enough in name to catch a developer who types a package name from memory or accepts an autocomplete suggestion without verifying the publisher.
On install, the packages execute a postinstall script that exfiltrates environment variables containing AWS access keys, HashiCorp Vault tokens, and CI/CD pipeline secrets. The exfiltration targets are precise: these are not broad credential harvesters but packages engineered to compromise cloud infrastructure and build pipeline secrets specifically.
The four-hour publication window suggests the attacker understands npm’s abuse detection cadence and is operating within the gap between publication and takedown. For organizations that rely on npm in their build pipelines, the countermeasures are lockfile enforcement, scoped internal registries, and software composition analysis that flags newly published packages with names similar to known dependencies. Developer judgment alone is not a sufficient control against typosquatting at this speed.
What defenders should do: Audit npm dependencies for recently added packages matching OpenSearch or ElasticSearch naming patterns. Enforce lockfile integrity in CI/CD pipelines. Implement software composition analysis and consider using a private registry proxy that allowlists approved packages.
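The lookalike-name and install-script checks described above, as an added example that is not part of this brief or of Microsoft's report: a small Node.js audit that compares every dependency name against an allowlist of the client libraries a project actually intends to use (edit distance with transpositions, since typosquats usually swap, drop or double one character) and flags any dependency manifest that declares an install-time lifecycle script. The allowlist and the package manifests are constructed for illustration.

```javascript
// Names of the client libraries the project actually intends to depend on
// (assumed allowlist for this example).
const KNOWN_PACKAGES = [
  "@opensearch-project/opensearch",
  "@elastic/elasticsearch",
];
// Lifecycle scripts npm runs automatically at install time.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Optimal string alignment distance: Levenshtein plus adjacent transpositions,
// because typosquats typically swap, drop or double a single character.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}
// Audit a {name: package.json contents} map, as you would build by reading
// node_modules/<name>/package.json for every entry in the lockfile.
function auditDependencies(manifests, known = KNOWN_PACKAGES, maxDistance = 2) {
  const findings = [];
  for (const [name, manifest] of Object.entries(manifests)) {
    if (!known.includes(name)) {
      for (const good of known) {
        const distance = editDistance(name, good);
        if (distance <= maxDistance) findings.push({ name, issue: "lookalike", of: good, distance });
      }
    }
    const hooks = LIFECYCLE_HOOKS.filter((h) => manifest.scripts && manifest.scripts[h]);
    if (hooks.length > 0) findings.push({ name, issue: "lifecycle-script", hooks });
  }
  return findings;
}
// Constructed sample: the genuine client, a transposed-letter lookalike that
// also declares a postinstall hook, and an unrelated package with no scripts.
const SAMPLE_MANIFESTS = {
  "@elastic/elasticsearch": { version: "8.0.0", scripts: { test: "mocha" } },
  "@elastic/elasticsaerch": { version: "1.0.0", scripts: { postinstall: "node setup.js" } },
  "left-pad": { version: "1.3.0" },
};
console.log(JSON.stringify(auditDependencies(SAMPLE_MANIFESTS), null, 2));
```

Running this against a real tree means walking package-lock.json and reading each installed manifest; pairing it with `npm ci --ignore-scripts` in CI prevents a flagged hook from ever executing in the pipeline.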
Defender Action Items
- Patch PAN-OS for CVE-2026-0263 (IKEv2 RCE), CVE-2026-0264 (DNS proxy RCE), and CVE-2026-0265 (CAS auth bypass) — all three in one change window
- Patch FortiClient EMS for CVE-2026-35616 if not already applied from the April advisory — this is now actively exploited
- Audit npm dependencies for typosquatted OpenSearch/ElasticSearch packages; enforce lockfile integrity and scan for unauthorized postinstall scripts
- Disable unnecessary DNS proxy/server features on NGFW appliances — reduce attack surface where the feature is not operationally required
- Monitor management plane infrastructure (EMS, SCCM, Intune, Jamf) for anomalous binary distribution and unexpected outbound connections — treat these as tier-zero assets
Detection Queries
Detect unexpected DNS query volume to PAN-OS firewall interfaces that may indicate exploitation attempts against CVE-2026-0264. This Splunk SPL query identifies DNS traffic destined to firewall management or data-plane IPs and flags any source that exceeds a fixed per-source threshold (500 queries in a 5-minute window here; tune it to your own baseline):
index=firewall sourcetype=pan:traffic dest_port=53
| where dest IN ("10.0.0.1", "10.0.0.2")
| bin _time span=5m
| stats count AS query_count BY src, dest, _time
| where query_count > 500
| sort -query_count
Adjust the dest filter to match your firewall interface IPs. A sustained spike in DNS queries from a single source to the firewall itself — rather than through the firewall to an upstream resolver — warrants immediate investigation. False positives are possible from recursive DNS clients, but the pattern of direct-to-firewall queries at high volume is anomalous in most environments.
For FortiClient EMS compromise detection, monitor for unexpected executable distribution from EMS servers:
index=endpoint sourcetype=sysmon EventCode=1
| where parent_process_name="FCTServer.exe" OR parent_process_name="FortiClientEMS.exe"
| where NOT process_name IN ("FortiClient.exe", "FortiTray.exe", "FCTUpdate.exe")
| stats count BY dest, process_name, process_hash
| sort -count
Any child process spawned by the EMS server process that is not a known FortiClient binary should be investigated immediately.
References
- CVE-2026-0263 — PAN-OS IKEv2 RCE — Palo Alto Networks
- CVE-2026-0264 — PAN-OS DNS Proxy RCE — Palo Alto Networks
- CVE-2026-0265 — PAN-OS Cloud Auth Bypass — Palo Alto Networks
- FortiClient EMS Exploited to Push Infostealer — BleepingComputer
- Typosquatted npm Packages Steal Cloud/CI-CD Secrets — Microsoft Security Blog
- GREYVIBE Uses ChatGPT/Gemini for Phishing — BleepingComputer
- Kimsuky Deploys HTTPSpy, Expands to VS Code Tunnels — The Hacker News
- Dutch Police Disrupt 17M-Device Botnet — Risky Business News
- IBM/Red Hat $5B Project Lightwell — SecurityWeek