CVE-2026-0300

⛔ critical

Summary

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by r

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses.

Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CVSS Score

9.8

Critical

EPSS Score

5.3

Exploit Probability

Published Date

2026-05-06

First Seen: 2026-05-10

📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.4% of all 321,136 vulnerabilities in our database.

#30,741

Top 10% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 6, 2026

🔍 Exploitation Status

Active

Exploits detected in the wild

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-05-07

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red

CWE IDs (Weakness Types)

CWE-787

📦 Affected Products 51

Vendor	Product	Status	Affected Versions
paloaltonetworks	pan-os	Affected	v10.2.0
paloaltonetworks	pan-os	Affected	v10.2.1
paloaltonetworks	pan-os	Affected	v10.2.10
paloaltonetworks	pan-os	Affected	v10.2.11
paloaltonetworks	pan-os	Affected	v10.2.12
paloaltonetworks	pan-os	Affected	v10.2.13
paloaltonetworks	pan-os	Affected	v10.2.14
paloaltonetworks	pan-os	Affected	v10.2.15
paloaltonetworks	pan-os	Affected	v10.2.16
paloaltonetworks	pan-os	Affected	v10.2.17
paloaltonetworks	pan-os	Affected	v10.2.18
paloaltonetworks	pan-os	Affected	v10.2.2
paloaltonetworks	pan-os	Affected	v10.2.3
paloaltonetworks	pan-os	Affected	v10.2.4
paloaltonetworks	pan-os	Affected	v10.2.5
paloaltonetworks	pan-os	Affected	v10.2.6
paloaltonetworks	pan-os	Affected	v10.2.7
paloaltonetworks	pan-os	Affected	v10.2.8
paloaltonetworks	pan-os	Affected	v10.2.9
paloaltonetworks	pan-os	Affected	v11.1.0
paloaltonetworks	pan-os	Affected	v11.1.1
paloaltonetworks	pan-os	Affected	v11.1.10
paloaltonetworks	pan-os	Affected	v11.1.11
paloaltonetworks	pan-os	Affected	v11.1.12
paloaltonetworks	pan-os	Affected	v11.1.13
paloaltonetworks	pan-os	Affected	v11.1.14
paloaltonetworks	pan-os	Affected	v11.1.2
paloaltonetworks	pan-os	Affected	v11.1.3
paloaltonetworks	pan-os	Affected	v11.1.4
paloaltonetworks	pan-os	Affected	v11.1.5
paloaltonetworks	pan-os	Affected	v11.1.6
paloaltonetworks	pan-os	Affected	v11.1.7
paloaltonetworks	pan-os	Affected	v11.1.8
paloaltonetworks	pan-os	Affected	v11.1.9
paloaltonetworks	pan-os	Affected	v11.2.0
paloaltonetworks	pan-os	Affected	v11.2.1
paloaltonetworks	pan-os	Affected	v11.2.10
paloaltonetworks	pan-os	Affected	v11.2.11
paloaltonetworks	pan-os	Affected	v11.2.2
paloaltonetworks	pan-os	Affected	v11.2.3
paloaltonetworks	pan-os	Affected	v11.2.4
paloaltonetworks	pan-os	Affected	v11.2.5
paloaltonetworks	pan-os	Affected	v11.2.6
paloaltonetworks	pan-os	Affected	v11.2.7
paloaltonetworks	pan-os	Affected	v11.2.8
paloaltonetworks	pan-os	Affected	v11.2.9
paloaltonetworks	pan-os	Affected	v12.1.2
paloaltonetworks	pan-os	Affected	v12.1.3
paloaltonetworks	pan-os	Affected	v12.1.4
paloaltonetworks	pan-os	Affected	v12.1.5
paloaltonetworks	pan-os	Affected	v12.1.6

🔗 References 2

https://security.paloaltonetworks.com/CVE-2026-0300

Mitigation Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities...

US Government Resource

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-0227	⚠️ high	7.5	0.1	A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (...	2026-01-15
CVE-2025-4614	ℹ️ low	2.7	0.1	An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator t...	2025-10-09
CVE-2025-4615	⚠️ high	7.2	0.1	An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® softwa...	2025-10-09
CVE-2025-4231	⚠️ high	7.2	0.1	A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform...	2025-06-13
CVE-2025-0130	⚠️ high	7.5	0.1	A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthent...	2025-05-14
CVE-2025-0124	ℹ️ low	3.8	0.5	An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attack...	2025-04-11

These CVEs affect the same products