A critical buffer overflow vulnerability, CVE-2026-0300, has been discovered in the User-ID Authentication Portal of Palo Alto Networks' PAN-OS, affecting PA-Series and VM-Series firewall appliances. The vulnerability carries a CVSSv4 score of 9.3, can be exploited without authentication, and has been confirmed by the vendor to be exploited in the wild [1]. The affected component, also known as Captive Portal, is a non-default feature used for user authentication. Prisma Access, Cloud NGFW, and Panorama appliances are not impacted by this vulnerability. Given the high severity and the confirmed active exploitation, practitioners should promptly assess their systems and apply the necessary patches to prevent potential breaches.
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
Why This Matters
CVE-2026-0300 affects Palo Alto Networks PAN-OS. Exploitation status determines whether an issue like this is patch-now or monitor, and the vendor has confirmed that this one is being exploited in the wild.
References
- Rapid7. (2026, May 6). Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300). Rapid7 Blog. https://www.rapid7.com/blog/post/etr-critical-buffer-overflow-in-palo-alto-networks-pan-os-user-id-authentication-portal-cve-2026-0300