CVE-2026-0300
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- November 03, 2025
- Published Date
- May 06, 2026
- Last Updated
- May 12, 2026
- Vendor
- Palo Alto Networks
- Product
- Cloud NGFW, PAN-OS, Prisma Access
- Description
- A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2026-06-01 13:26:25 UTC) Source
cisa
CVSS Scores
CVSS v4.0
9.3 - CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red
SSVC Information
Exploit Status
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2026-06-01 13:26:25 UTC |
Recent Mentions
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)
Source: Palo Alto Networks Security Advisories • Published: 2026-05-28 00:00:00 UTC
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel