Cyber Posture

CVE-2026-0300

Critical · CISA KEV · Active Exploitation

Published: 06 May 2026

Modified: 07 May 2026
KEV Added: 06 May 2026
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0465 (89.4th percentile)
Risk Priority: 42 (60% EPSS · 20% KEV · 20% CVSS)

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

Security Summary (AI)

Automated synthesis unavailable for this CVE.

Details

CWE(s)
KEV Date Added: 06 May 2026

Affected Products

paloaltonetworks pan-os: 10.2.0, 10.2.1, 10.2.10, 10.2.11, 10.2.12

References