According to Siemens ProductCERT, a buffer overflow vulnerability in the User-ID Authentication Portal (Captive Portal) service of Palo Alto Networks PAN-OS software could allow an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. The advisory lists all versions of Siemens RUGGEDCOM APE1808 devices (vers:all/*) as affected by CVE-2026-0300, which has a CVSS v3.1 base score of 10 and base severity CRITICAL.
Siemens is preparing fix versions and recommends countermeasures in the meantime; customers should consult and implement the workarounds in Palo Alto Networks' upstream security notifications. The advisory notes that Siemens RUGGEDCOM APE1808 devices are deployed worldwide and lists the product as known affected.
Recommended mitigations include disabling Response Pages in the Interface Management Profile on every L3 interface in zones where untrusted traffic can ingress, disabling the User-ID Authentication Portal if not required, and restricting access to the portal to trusted internal IP addresses only. The release date is listed as 19 May 2026.