TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-0300

N/ACISA KEV

Beschreibung

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CVE Details

CVSS v3.1 BewertungN/A
Veroffentlicht5/6/2026
Zuletzt geandert5/7/2026
Quellenvd
Honeypot-Sichtungen0

CISA KEV

HerstellerPalo Alto Networks
ProduktPAN-OS
SchwachstellennamePalo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
KEV Aufnahmedatum2026-05-06
Behebungsfrist2026-05-09
Ransomware-NutzungUnknown

Schwachen (CWE)

CWE-787

Referenzen

https://security.paloaltonetworks.com/CVE-2026-0300(psirt@paloaltonetworks.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.