Buffer Overflow Vulnerability in Palo Alto Networks User-ID™ Authentication Portal
CVE-2026-0300
Key Information:
- Vendor: Palo Alto Networks
- CVE Published: 6 May 2026
What is CVE-2026-0300?
CVE-2026-0300 is a critical buffer overflow vulnerability affecting the User-ID™ Authentication Portal, also known as the Captive Portal, within Palo Alto Networks' PAN-OS software. This portal provides authentication services that allow users to gain access to network resources. The vulnerability allows unauthenticated attackers to send specially crafted packets to the service, resulting in the execution of arbitrary code with root privileges on PA-Series and VM-Series firewalls. If exploited, this could lead to complete control over affected firewall devices, directly compromising the security management of an organization's network infrastructure. Organizations relying on these firewalls for secure operations face heightened risks if the vulnerability is not adequately mitigated.
Potential Impact of CVE-2026-0300
- Unauthorized Access and Control: Attackers could gain root-level access to firewall devices, allowing them to manipulate firewall rules, access sensitive data, and potentially pivot to other parts of the organization's network.
- Increased Risk of Data Breach: With the capacity for executing arbitrary code, there is a significant risk that attackers could exploit the vulnerability to extract sensitive information, leading to potential data breaches that could impact compliance with regulations and damage organizational reputation.
- Network Disruption and Service Outages: The exploitation of this vulnerability could lead to disruptions in network services provided by the firewalls. This could result in downtime and affect the availability of critical applications and services, leading to operational and financial losses for the organization.
Affected Version(s)
- PAN-OS 12.1.0 < 12.1.7, 12.1.4-h5
- PAN-OS 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17
- PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33
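As an added illustration (not code from this page or from Palo Alto Networks), the checker below parses the affected-version lines listed above and reports whether a given PAN-OS build falls inside an affected range, so an inventory of firewall versions can be triaged quickly. It assumes the usual advisory reading, which the page does not spell out: "A < B, hotfixes" means releases from A up to but not including B are affected unless the build is one of the listed hotfix builds or a later hotfix of the same base release.

```python
import re

# Affected-version lines copied from the advisory summary on this page.
AFFECTED = [
    "PAN-OS 12.1.0 < 12.1.7, 12.1.4-h5",
    "PAN-OS 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17",
    "PAN-OS 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33",
]


def parse_version(s):
    """'11.2.10-h6' -> ((11, 2, 10), 6); a release with no hotfix suffix gets hotfix 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {s!r}")
    return (int(m[1]), int(m[2]), int(m[3])), int(m[4] or 0)


def parse_range(line):
    """Split 'PAN-OS A < B, hf1, hf2' into (A, B, [hf1, hf2])."""
    m = re.fullmatch(r"PAN-OS\s+(\S+)\s*<\s*(.+)", line.strip())
    if not m:
        raise ValueError(f"unrecognised affected-version line: {line!r}")
    fixes = [parse_version(v) for v in m[2].split(",")]
    return parse_version(m[1]), fixes[0], fixes[1:]


def is_affected(version, ranges=AFFECTED):
    """True if `version` lies in an affected range and carries none of the listed fixes.

    Assumed semantics (not stated on the page): a release is affected when
    start <= release < fixed_release, unless it is one of the listed hotfix
    builds or a later hotfix of the same base release.
    """
    rel, hf = parse_version(version)
    for line in ranges:
        (start, _), (fixed, _), hotfixes = parse_range(line)
        if not (start <= rel < fixed):
            continue  # this line covers a different release train
        for hf_rel, hf_num in hotfixes:
            if rel == hf_rel and hf >= hf_num:
                return False  # a fixed hotfix build of an otherwise-affected release
        return True
    return False  # outside every listed range, e.g. an older train or the fixed release


if __name__ == "__main__":
    for v in ["12.1.4", "12.1.4-h5", "11.2.11", "11.2.10-h7", "11.1.15"]:
        print(f"{v:12} affected={is_affected(v)}")
```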
News Articles
- Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution: CVE-2026-0300 exploited via public PAN-OS portal before May 13, 2026 patch, enabling root RCE on firewalls. (15 hours ago)
- Critical Palo Alto Firewalls Vulnerability Exploited in the Wild to Gain Root Access: Palo Alto Networks has disclosed a critical buffer overflow vulnerability in PAN-OS software, tracked as CVE-2026-0300, that is already being actively exploited in the wild. (19 hours ago)
Timeline
- Vulnerability started trending
- Exploit known to exist
- First article discovered by Cybersecuritynews
- Vulnerability published
- Vulnerability reserved