CVE-2026-0300

N/ACISA KEV

Descricao

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado5/6/2026

Ultima modificacao5/7/2026

Fontenvd

Avistamentos honeypot0

CISA KEV

FornecedorPalo Alto Networks

ProdutoPAN-OS

Nome da vulnerabilidadePalo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Data inclusao KEV2026-05-06

Prazo de remediacao2026-05-09

Uso em ransomwareUnknown

Fraquezas (CWE)

CWE-787

Referencias

https://security.paloaltonetworks.com/CVE-2026-0300(psirt@paloaltonetworks.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.