CVE-2026-0300

UNKNOWN 0.0

⚠️ CISA KEV

PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CWE	CWE-787
Vendor	palo alto networks
Product	cloud ngfw
Published	May 6, 2026
Last Updated	May 6, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for palo alto networks cloud ngfw

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-0300.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Cloud NGFW

All versions affected

Palo Alto Networks / PAN-OS

12.1.0 < 12.1.7, 12.1.4-h5 11.2.0 < 11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17 11.1.0 < 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33 10.2.0 < 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34

Palo Alto Networks / Prisma Access

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2026-0300 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300