CVE-2026-0300

Published: May 6, 2026

Modified: May 12, 2026

PUBLISHED

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Vendor	Product	Versions
Palo Alto Networks	Cloud NGFW	unaffected `All`
Palo Alto Networks	PAN-OS	affected `12.1.0 - < 12.1.7` affected `11.2.0 - < 11.2.12` affected `11.1.0 - < 11.1.15` affected `10.2.0 - < 10.2.18-h6`
Palo Alto Networks	Prisma Access	unaffected `All`

Weaknesses (CWE)

CWE-787

References

https://security.paloaltonetworks.com/CVE-2026-0300

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-0300

Description

Affected Products

Weaknesses (CWE)

References