IOC Radar
TLP:WHITE1 IOC

Active Exploitation of PAN‑OS Authentication Portal RCE

TR
Truesec
Published May 8, 2026Original Report

Diamond Model

Attack Flow3 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1190
1/3
Exploit Public-Facing Application
ActionExploit public-facing application
Exploitation of CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal, allows unauthenticated remote code execution.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise1

TypeIndicatorConfidenceScoreFirst Seen
CVECVE-2026-0300
aptespionageexploit
High
62
Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph1 total IOCs
CVE
CVE1REPORTActive Exploitation of PAN
scroll to zoom · drag to pan · click IOC to open