CVE Catalog

CVE-2026-0300

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-0300 describes a buffer overflow vulnerability in the User-ID™ Authentication Portal service of Palo Alto Networks PAN-OS software, allowing an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets.

Risk Assessment

The risk of this issue is greatly reduced if access to the User-ID™ Authentication Portal is secured according to best practice guidelines, restricting access to only trusted internal IP addresses.

Recommendation

It is recommended to secure access to the User-ID™ Authentication Portal by restricting it to trusted internal IP addresses in accordance with best practice guidelines.

Original NVD description (English source)

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS