thehackernews.com 5/6/2026, 7:46:19 AM · via preferred

Critical PANOS flaw lets hackers run code via exposed portal

Developing story vulnerability 12 articles tracked
Palo Alto PAN-OS Captive Portal zero‑day (CVE-2026-0300) exploited in the wild
CyberSIXT Evidence Panel
CISA KEV Not in KEV
Patch Patch Status Unknown

PALO Alto Networks has warned of a critical buffer overflow in PAN-OS’s User-ID Authentication Portal (captured as CVE-2026-0300) that enables unauthenticated remote code execution on PA-Series and VM-Series firewalls. The vulnerability carries a CVSS score of 9.3 when the portal is exposed to the internet or an untrusted network, and 8.7 if access is limited to trusted internal IPs.

According to Palo Alto Networks, the flaw is already under limited exploitation, targeting instances where the User-ID Authentication Portal is publicly accessible, with PAN-OS versions affected including 12.1, 11.2, 11.1 and 10.2 families listed in the advisory. The issue is unpatched at present, with fixes slated to begin rolling out from 13 May 2026. In the meantime, customers are advised to restrict access to the User-ID Authentication Portal to trusted zones or disable the portal if not required.

View Primary Source Via thehackernews.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline