TROYANOSYVIRUS

CVE-2026-0300

CRITICAL | CISA KEV
9.8

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CVE Details

CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/6/2026
Last modified: 5/7/2026
Source: nvd
Honeypot observations: 0

CISA KEV

Vendor: Palo Alto Networks
Product: PAN-OS
Vulnerability name: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
KEV date added: 2026-05-06
Remediation due date: 2026-05-09
Used in ransomware: Unknown

Affected products

paloaltonetworks:pa-1410, paloaltonetworks:pa-1420, paloaltonetworks:pa-3410, paloaltonetworks:pa-3420, paloaltonetworks:pa-3430, paloaltonetworks:pa-3440, paloaltonetworks:pa-410, paloaltonetworks:pa-410r, paloaltonetworks:pa-410r-5g, paloaltonetworks:pa-415, paloaltonetworks:pa-415-5g, paloaltonetworks:pa-440, paloaltonetworks:pa-445, paloaltonetworks:pa-450, paloaltonetworks:pa-450r, paloaltonetworks:pa-450r-5g, paloaltonetworks:pa-455, paloaltonetworks:pa-455-5g, paloaltonetworks:pa-455r-5g, paloaltonetworks:pa-460, paloaltonetworks:pa-501, paloaltonetworks:pa-505, paloaltonetworks:pa-510, paloaltonetworks:pa-520, paloaltonetworks:pa-540, paloaltonetworks:pa-5410, paloaltonetworks:pa-5420, paloaltonetworks:pa-5430, paloaltonetworks:pa-5440, paloaltonetworks:pa-5445, paloaltonetworks:pa-545-poe, paloaltonetworks:pa-5450, paloaltonetworks:pa-550, paloaltonetworks:pa-5540, paloaltonetworks:pa-555-poe, paloaltonetworks:pa-5550, paloaltonetworks:pa-5560, paloaltonetworks:pa-5570, paloaltonetworks:pa-5580, paloaltonetworks:pa-560, paloaltonetworks:pa-7500, paloaltonetworks:pa-7500-dpc-a, paloaltonetworks:pan-os, paloaltonetworks:vm-100, paloaltonetworks:vm-300, paloaltonetworks:vm-50, paloaltonetworks:vm-500, paloaltonetworks:vm-700

Weaknesses (CWE)

CWE-787

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.