A critical zero-day vulnerability, designated CVE-2026-0300, has been discovered in the PAN-OS User-ID Authentication Portal. It is a buffer overflow that allows unauthenticated remote code execution: it can be exploited to gain control of affected systems, posing a significant threat to network security. Because exploitation requires no authentication, it is a high-priority issue for organizations to address. The disclosure expands the active attack surface, and organizations should prioritize mitigation based on their exposure and evidence of exploitation [1]. CVE-2026-0300 also highlights the importance of timely patching and vulnerability management, and of proactive security measures against zero-day exploits, particularly in systems with exposed PAN-OS Captive Portal components.
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
⚠️ Critical Alert
Why This Matters
CVE-2026-0300 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- Palo Alto Unit42. (2026, May 7). Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution. *Unit 42*. https://unit42.paloaltonetworks.com/captive-portal-zero-day/
Original Source
Palo Alto Unit42