TROYANOSYVIRUS
Volver a CVEs

CVE-2026-0300

N/ACISA KEV

Descripcion

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Detalles CVE

Puntuacion CVSS v3.1N/A
Publicado5/6/2026
Ultima modificacion5/7/2026
Fuentenvd
Avistamientos honeypot0

CISA KEV

VendedorPalo Alto Networks
ProductoPAN-OS
Nombre vulnerabilidadPalo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Fecha inclusion KEV2026-05-06
Fecha limite remediacion2026-05-09
Uso en ransomwareUnknown

Debilidades (CWE)

CWE-787

Referencias

https://security.paloaltonetworks.com/CVE-2026-0300(psirt@paloaltonetworks.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.