Detections
Analytics
CVE-2026-0300
critical
Description
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
References
https://unit42.paloaltonetworks.com/captive-portal-zero-day/
https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html
https://www.securityweek.com/palo-alto-networks-to-patch-zero-day-exploited-to-hack-firewalls/
https://www.databreachtoday.com/palo-alto-firewalls-being-exploited-no-patch-yet-available-a-31612
https://therecord.media/palo-alto-warns-of-critical-software-bug-firewalls
https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html
https://cyberscoop.com/palo-alto-networks-pan-os-firewall-zero-day-vulnerability-exploited/
Details
Published: 2026-05-06
Updated: 2026-05-12
Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
CVSS v4
Base Score: 9.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
Severity: Critical
EPSS
EPSS: 0.0465
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest