www.cisa.gov 5/6/2026, 9:54:30 PM · via preferred

CVE-2026-0300 flaw in Palo Alto firewalls grants root access

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Available

The Known Exploited Vulnerabilities (KEV) Catalog lists CVE-2026-0300 as a Palo Alto Networks PAN-OS vulnerability, described as an out-of-bounds write that can allow an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. According to the entry, it is unknown whether this vulnerability has been used in ransomware campaigns.

Action recommendations include applying vendor mitigations, following applicable guidance for cloud services, or discontinuing use of the product if mitigations are unavailable; a workaround is to restrict access to the User-ID Authentication Portal to trusted zones or to disable the portal if not required. The KEV catalog entry notes the date added as 6 May 2026 and the due date as 9 May 2026. Additional references are provided to Palo Alto Networks and NIST's NVD pages for CVE-2026-0300.

Article by CyberSIXT
