Severity: CRITICAL | Patch Immediately
CVE-2026-0300 | CVSS Score: 9.3 | Actively Exploited in the Wild
Palo Alto Networks has issued an emergency advisory confirming that CVE-2026-0300, a critical buffer overflow vulnerability in its PAN-OS operating system, is being actively exploited by threat actors right now. This is not a theoretical risk. Exploitation is confirmed in the wild.
PAN-OS powers Palo Alto's next-generation firewalls and is widely deployed across banking institutions, government ministries, telecommunications providers, and energy utilities throughout Kenya, Ethiopia, Somalia, Djibouti, Uganda, Tanzania, and Rwanda.
The Threat: What You Need to Know
The vulnerability is a buffer overflow flaw that allows an unauthenticated remote attacker to execute arbitrary code on the affected device with no credentials required. That means an attacker on the open internet can target your perimeter firewall, compromise it completely, and gain a foothold inside your network without ever needing a username or password.
With a CVSS score of 9.3 out of 10, this ranks among the most severe vulnerabilities disclosed in 2026. The fact that it is already being exploited in the wild means that working exploit code exists and is in active use by threat actors - including ransomware groups and state-sponsored APT actors known to target African government and financial networks.
Source: The Hacker News
Impact Assessment for East African Organizations
Palo Alto firewalls are a core part of enterprise network perimeters across the Horn of Africa. If your organization runs PAN-OS-based devices - including the PA-Series, VM-Series, or Prisma Access gateways - you are exposed until patched.
The specific risks by sector are significant:
- Financial Services (Kenya, Ethiopia, Somalia): A compromised perimeter firewall gives attackers direct access to internal banking networks, core banking systems, and interbank payment rails. This puts CBK-regulated institutions at risk of both financial loss and regulatory sanction under the CBK Cybersecurity Guidelines and the Kenya Data Protection Act 2019.
- Government Agencies: Ministries and public institutions running Palo Alto firewalls could face complete network compromise, exposing citizen data, classified communications, and critical government services. This is especially urgent for GovTech deployments in Kenya's Konza Technocity ecosystem and Ethiopia's digital government initiatives.
- Power and Energy Utilities: Operational Technology (OT) networks protected by PAN-OS firewalls are at risk of lateral movement attacks that could reach SCADA and industrial control systems - a scenario with physical consequences for power distribution across the region.
- Telecommunications: Telcos using PAN-OS at network boundaries risk exposure of subscriber data, interconnect systems, and internal management infrastructure.
Given the confirmed active exploitation, the window before a regional incident targeting East African infrastructure is very narrow.
Immediate Actions: Do These Now
- Inventory all PAN-OS devices immediately. Identify every Palo Alto firewall, VM-Series instance, and Prisma Access gateway in your environment. Check firmware versions against the affected versions listed in Palo Alto's official advisory.
- Apply the vendor patch without delay. Palo Alto Networks has released fixes. Patch all affected devices as a P1 priority - this should not wait for a scheduled maintenance window. Invoke emergency change management procedures.
- If patching is not immediately possible, apply vendor mitigations. Palo Alto has published workarounds. Enable Threat Prevention signatures and restrict management interface access to trusted IP ranges only as a temporary measure.
- Review firewall and SIEM logs for indicators of compromise (IOCs) dating back 30 days. Active exploitation means you may already be compromised. Look for anomalous outbound connections, unexpected process execution, and unauthorized configuration changes on PAN-OS devices.
- Isolate and segment any device you cannot immediately patch. If a device cannot be patched or mitigated right now, take it offline or isolate it from critical internal segments until remediation is complete.
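The inventory and log-review steps above can be scripted. The following is an added example, not code from this advisory or from Palo Alto Networks: it compares PAN-OS version strings (major.minor.maint with an optional -hN hotfix) against a fixed-version table, and flags configuration commits whose management session came from outside the trusted ranges. The FIXED_VERSIONS values are placeholders to be replaced with the versions in Palo Alto's advisory, and the log lines are constructed in a simplified format, not real PAN-OS syslog syntax.

```python
import ipaddress
import re

# PLACEHOLDER: first fixed release per PAN-OS train. These values are invented;
# replace them with the fixed versions from Palo Alto's advisory for CVE-2026-0300.
FIXED_VERSIONS = {"10.2": "10.2.99-h1", "11.1": "11.1.99"}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Turn 'major.minor.maint[-hN]' into a comparable tuple; a missing hotfix counts as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage_inventory(devices):
    """Return (hostname, version, reason) for devices below the fix or on a train not in the table."""
    exposed = []
    for hostname, version in devices:
        v = parse_version(version)
        fixed = FIXED_VERSIONS.get(f"{v[0]}.{v[1]}")
        if fixed is None:
            exposed.append((hostname, version, "train not in fixed-version table"))
        elif v < parse_version(fixed):
            exposed.append((hostname, version, f"below fixed release {fixed}"))
    return exposed

# Constructed, simplified admin-activity lines (not real PAN-OS log syntax):
# timestamp, event type, admin account, source address of the management session.
CONFIG_LOG_RE = re.compile(r"^(\S+) config-commit admin=(\S+) src=(\S+)")

def flag_untrusted_commits(log_lines, trusted_mgmt_ranges):
    """Return (timestamp, admin, src) for commits whose source is outside the trusted ranges."""
    trusted = [ipaddress.ip_network(r) for r in trusted_mgmt_ranges]
    hits = []
    for line in log_lines:
        m = CONFIG_LOG_RE.match(line)
        if not m:
            continue
        ts, admin, src = m.groups()
        if not any(ipaddress.ip_address(src) in net for net in trusted):
            hits.append((ts, admin, src))
    return hits

# Constructed sample data: three firewalls and two commit events.
SAMPLE_INVENTORY = [("fw-nairobi-edge", "10.2.3-h2"), ("fw-addis-dc", "10.2.99-h1"), ("fw-kampala", "9.1.14")]
SAMPLE_LOGS = ["2026-01-15T02:10:41Z config-commit admin=ops1 src=10.10.0.15",
               "2026-01-15T03:12:44Z config-commit admin=admin src=198.51.100.77"]
TRUSTED_MGMT = ["10.10.0.0/24"]

if __name__ == "__main__":
    print("exposed devices:", triage_inventory(SAMPLE_INVENTORY))
    print("commits to review:", flag_untrusted_commits(SAMPLE_LOGS, TRUSTED_MGMT))
```

A device on a release train missing from the table is reported as exposed rather than silently skipped, so an incomplete table fails safe.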
DRONGO Recommendation
DRONGO's SOC team is actively tracking CVE-2026-0300 and can conduct an emergency vulnerability assessment of your PAN-OS environment, review your logs for signs of prior compromise, and guide your patching process end to end. Our team operates across Kenya, Somalia, and Ethiopia and understands your regulatory obligations under local frameworks including the CBK guidelines, NITA-U requirements, and the Kenya DPA 2019.
Is your organization protected? Request a free security assessment.