CVE-2026-0300

UNKNOWN 0.0

⚠️ CISA KEV

PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

CVSS Score

0.0

EPSS Score

4.9%

EPSS Percentile

90th

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CWE	CWE-787
Vendor	palo alto networks
Product	cloud ngfw
Published	May 6, 2026
Last Updated	Jun 9, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for palo alto networks cloud ngfw

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-0300.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Cloud NGFW

All versions affected

Palo Alto Networks / PAN-OS

12.1.0 < 12.1.7 11.2.0 < 11.2.12 11.1.0 < 11.1.15 10.2.0 < 10.2.18-h6

Palo Alto Networks / Prisma Access

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2026-0300 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300 cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-967325.html