Fix Soon

CVE-2026-0300

Remote Code Execution in Palo Alto Networks PAN-OS

Summary

PAN-OS's User-ID Authentication Portal (Captive Portal) has a buffer overflow that lets an unauthenticated remote attacker send crafted packets and run code as root on affected PA-Series and VM-Series firewalls. Palo Alto Networks states that the vulnerable code path is reachable only when the portal is enabled and its response pages are served through an interface management profile attached to an external or internet-accessible interface. Unit 42 reported limited in-the-wild exploitation, including shellcode injection into an nginx worker process followed by log cleanup.

Why Fix Soon?

5/6
No authentication required
Commonly internet-facing deployment
No user interaction needed
Not exploitable in default configuration
Active exploitation in the wild
High impact vulnerability

Exploitation Details

Type
RCE (Remote Code Execution)
Is exploitable with default configuration?
No
Is authentication needed?
No
PoC / Exploit
Yes
Impact

Execute arbitrary code as root on the firewall.

Full System Compromise
Exploitation Requirements
  • User-ID Authentication Portal enabled
  • Response Pages enabled in the interface management profile
  • Portal attached to an external or internet-accessible interface
Exploitation Process

An attacker targets a PAN-OS firewall on which the User-ID Authentication Portal is enabled and reachable through an interface management profile with Response Pages turned on. They send specially crafted packets to the portal's web service on the portal ports (6080-6082) to trigger the buffer overflow. On success the attacker has root-level code execution on the firewall and can deploy tunneling tools, enumerate the environment, and erase logs to cover the intrusion.

Detection Resources
Script Detection
2
Scanner Detection
1

Affected Software

Vendor: Palo Alto Networks
Product: PAN-OS
Affected Versions: 10.2.0 through 10.2.18-h5 (fixed in 10.2.18-h6); 11.1.0 through 11.1.14 (fixed in 11.1.15); 11.2.0 through 11.2.11 (fixed in 11.2.12); 12.1.0 through 12.1.6 (fixed in 12.1.7). Within each train, builds at or above a branch-specific hotfix listed in the advisory (see Update below) are also fixed.
Description

PAN-OS is the operating system for Palo Alto Networks PA-Series and VM-Series firewalls. It provides network security policy enforcement, user identification, threat prevention, logging, and management at the enterprise edge.

Deployment: Commonly internet-facing | Protocol: HTTP/HTTPS | Ports: 6080, 6081, 6082

Affected Component: User-ID Authentication Portal (Captive Portal) web service and response-page handling on firewall interfaces.

Enterprise Usage: Estimated likelihood that this vendor/product is deployed in enterprise environments (scale: Very Low / Low / Medium / High / Very High). AI-generated estimation based on market presence, product type and adoption signals, not exact data.
Vendor Size: Big
Remediation
Workaround
Restrict User-ID Authentication Portal access to trusted internal IP addresses and trusted zones (the permitted IP list on the interface management profile is the place to do this), disable Response Pages on any interface management profile attached to an interface that can receive untrusted traffic, or disable the User-ID Authentication Portal entirely if it is not required. The advisory describes these measures as greatly reducing risk, not removing it, so apply them alongside the upgrade rather than instead of it.

security.paloaltonetworks.com
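The Exploitation Requirements list and the workaround above both reduce to one configuration question: which interface management profiles serve response pages, which interfaces and zones those profiles are attached to, whether the portal is switched on at all, and whether a permitted-IP list restricts the profile. The Python script below is an added example, not Palo Alto Networks' code or a tool referenced by the advisory; it answers that question from a running-config XML export. The element paths it walks (/config/devices/entry/network/profiles/interface-management-profile, .../network/interface/ethernet/entry/layer3/interface-management-profile, vsys zone membership and the captive-portal enable flag) and the sample configuration are assumptions constructed for the example, so confirm them against your own export before trusting the result.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed running-config excerpt in PAN-OS XML layout (NOT a real device
# export). The element paths below are assumptions modelled on the usual
# /config/devices/entry/... structure; verify against your own export.
SAMPLE_CONFIG = """<config>
<devices><entry name="localhost.localdomain">
  <network>
    <profiles><interface-management-profile>
      <entry name="mgmt-internal">
        <response-pages>yes</response-pages>
        <permitted-ip><entry name="10.0.0.0/8"/></permitted-ip>
      </entry>
      <entry name="untrust-ping">
        <ping>yes</ping>
        <response-pages>yes</response-pages>
      </entry>
      <entry name="ping-only"><ping>yes</ping></entry>
    </interface-management-profile></profiles>
    <interface><ethernet>
      <entry name="ethernet1/1"><layer3>
        <interface-management-profile>untrust-ping</interface-management-profile>
      </layer3></entry>
      <entry name="ethernet1/2"><layer3>
        <interface-management-profile>mgmt-internal</interface-management-profile>
      </layer3></entry>
      <entry name="ethernet1/3"><layer3>
        <interface-management-profile>ping-only</interface-management-profile>
      </layer3></entry>
    </ethernet></interface>
  </network>
  <vsys><entry name="vsys1">
    <captive-portal><enable-captive-portal>yes</enable-captive-portal></captive-portal>
    <zone>
      <entry name="untrust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
      <entry name="trust"><network><layer3>
        <member>ethernet1/2</member><member>ethernet1/3</member>
      </layer3></network></entry>
    </zone>
  </entry></vsys>
</entry></devices>
</config>"""


@dataclass(frozen=True)
class Finding:
    interface: str
    zone: str
    profile: str
    permitted_ip: Tuple[str, ...]
    exposed: bool       # response pages served into a zone not listed as trusted
    unrestricted: bool  # profile has no permitted-ip list at all


def portal_enabled(config_xml: str) -> bool:
    """True if any vsys has the captive portal switched on (path is an assumption)."""
    root = ET.fromstring(config_xml)
    return any((e.text or "").strip() == "yes" for e in root.iter("enable-captive-portal"))


def audit_response_pages(config_xml: str, trusted_zones: Set[str]) -> List[Finding]:
    """List every interface whose management profile serves response pages."""
    dev = ET.fromstring(config_xml).find("./devices/entry")
    # 1. Profiles with Response Pages enabled, and their permitted-ip lists.
    rp_profiles = {}
    for prof in dev.findall("./network/profiles/interface-management-profile/entry"):
        if (prof.findtext("response-pages") or "no").strip() == "yes":
            rp_profiles[prof.get("name")] = tuple(
                e.get("name") for e in prof.findall("./permitted-ip/entry"))
    # 2. Interface -> zone map from layer3 zone membership.
    zone_of = {}
    for zone in dev.findall("./vsys/entry/zone/entry"):
        for member in zone.findall("./network/layer3/member"):
            zone_of[(member.text or "").strip()] = zone.get("name")
    # 3. Physical/aggregate interfaces that attach one of those profiles.
    findings = []
    for kind in ("ethernet", "aggregate-ethernet"):
        for iface in dev.findall(f"./network/interface/{kind}/entry"):
            prof = (iface.findtext("./layer3/interface-management-profile") or "").strip()
            if prof not in rp_profiles:
                continue
            zone = zone_of.get(iface.get("name"), "<unassigned>")
            permitted = rp_profiles[prof]
            findings.append(Finding(iface.get("name"), zone, prof, permitted,
                                    exposed=zone not in trusted_zones,
                                    unrestricted=not permitted))
    return findings


if __name__ == "__main__":
    print("portal enabled:", portal_enabled(SAMPLE_CONFIG))
    for f in audit_response_pages(SAMPLE_CONFIG, trusted_zones={"trust"}):
        print(f)
```

An `exposed` finding is a candidate for disabling Response Pages on that profile; an `unrestricted` finding in a trusted zone is where the permitted-IP list the workaround calls for belongs. Subinterfaces and loopback interfaces carry their profile under a different path and are not covered by this script.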
Patch

Not available

Update
Upgrade PAN-OS to the first fixed build for your branch, as listed in the advisory: 12.1.4-h5 or 12.1.7; 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, or 11.2.12; 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, or 11.1.15; or 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, or 10.2.18-h6, depending on the release train in use.


security.paloaltonetworks.com
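Because each release train carries several first-fixed hotfix builds, a plain numeric comparison gets the answer wrong: 12.1.5 is vulnerable even though 12.1.4-h5 is fixed, and 10.2.18-h5 is vulnerable while 10.2.18-h6 is not. The Python below is an added example, not a vendor tool, that encodes the fixed-build list from the Update text and answers the question for a given version string. It assumes that PAN-OS hotfix numbers within one maintenance release are cumulative (-hN contains every fix in -h(N-1)); the sample inventory in `main` is constructed.

```python
import re
import sys
from typing import NamedTuple, Optional

# First fixed builds per release train, copied from the Update text above.
FIXED_BUILDS = {
    "10.2": ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21", "10.2.16-h7", "10.2.18-h6"],
    "11.1": ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6", "11.1.10-h25", "11.1.13-h5", "11.1.15"],
    "11.2": ["11.2.4-h17", "11.2.7-h13", "11.2.10-h6", "11.2.12"],
    "12.1": ["12.1.4-h5", "12.1.7"],
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 for a base maintenance release such as 11.2.12

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_version(text: str) -> PanOsVersion:
    """Parse 'X.Y.Z' or 'X.Y.Z-hN' (the PAN-OS hotfix suffix) into a tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return PanOsVersion(int(major), int(minor), int(maint), int(hotfix or 0))


def is_fixed(version: str) -> Optional[bool]:
    """True if the build carries the fix, False if it is vulnerable, None if the
    release train is not covered by the advisory's fixed-build list."""
    v = parse_version(version)
    fixed = FIXED_BUILDS.get(v.train)
    if fixed is None:
        return None
    for f in map(parse_version, fixed):
        # Same maintenance release: assume hotfixes are cumulative, so any
        # hotfix number at or above the fixed one contains the fix.
        if f.maint == v.maint and v.hotfix >= f.hotfix:
            return True
        # A fixed base release (no -h suffix) covers every later maintenance
        # release on the same train, e.g. 11.2.12 covers 11.2.13.
        if f.hotfix == 0 and v.maint > f.maint:
            return True
    # No matching fixed build. This includes maintenance releases that sit
    # between two hotfixed ones, e.g. 12.1.5 or 11.2.8: still vulnerable.
    return False


def classify(versions):
    """Map each version string to 'fixed', 'vulnerable' or 'not listed'."""
    labels = {True: "fixed", False: "vulnerable", None: "not listed"}
    return {v: labels[is_fixed(v)] for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory; pass real versions on the command line instead.
    sample = sys.argv[1:] or ["10.2.18-h5", "10.2.18-h6", "11.2.4-h16", "12.1.5", "12.1.7", "10.1.9"]
    for ver, label in classify(sample).items():
        print(f"{ver:<14} {label}")
```

A `not listed` result means the train (for example 10.1 or 11.0) does not appear in the advisory's fixed-build list at all; consult the advisory directly rather than treating it as safe.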
Threat Intelligence
EPSS Score: 14.9% (probability of exploitation in the next 30 days)

EPSS Percentile: 95% (worse than 95% of all CVEs)

CISA KEV: Listed
Active Exploitation: Active
security.paloaltonetworks.com
Threat Actors (1): CL-STA-1132, a likely state-sponsored cluster targeting exposed PAN-OS firewalls

Detection Rules (2)
Other
Alert on PAN-OS User-ID Authentication Portal exploitation followed by nginx worker crashes, core-dump deletion, or other rapid log-cleanup behavior on the firewall.
Other
Alert on creation or execution of /var/tmp/linuxap, /var/tmp/linuxda, /var/tmp/linuxupdate, /tmp/R5, /var/R5, or /tmp/.c after suspected portal exploitation.
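The two rules above describe a sequence (nginx worker crash followed by core-dump or log cleanup) and a fixed set of file paths. The Python below is an added example, not a rule from this page's detection catalog or a vendor signature, that runs both checks over constructed syslog-style lines. The log layout, hostname, process names, timestamps and the cleanup-command patterns are assumptions made for the example; real PAN-OS system and audit log fields differ, so map the regular expressions onto your own log schema.

```python
import re
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed syslog-style lines (NOT real PAN-OS output). Timestamp, host and
# message layout are assumptions for this example.
SAMPLE_LOGS = """\
2026-02-10T08:01:10Z fw1 nginx: worker process 2211 exited on signal 11 (core dumped)
2026-02-10T08:01:45Z fw1 audit: root executed: rm -f /var/cores/core.nginx.2211
2026-02-10T08:02:03Z fw1 audit: root executed: /var/tmp/linuxupdate
2026-02-10T08:02:10Z fw1 audit: root executed: chmod +x /tmp/.c
2026-02-10T09:30:00Z fw1 nginx: worker process 2300 exited on signal 11 (core dumped)
2026-02-10T11:10:00Z fw1 sshd: accepted publickey for admin from 10.0.0.5
"""

# Paths named in the second detection rule above.
IOC_PATHS = re.compile(
    r"(?<![\w/])(/var/tmp/linux(?:ap|da|update)|/tmp/R5|/var/R5|/tmp/\.c)(?![\w.])")
# Signals for the first rule: an nginx worker dying, then core/log cleanup.
NGINX_CRASH = re.compile(r"nginx: worker process (\d+) exited on signal \d+")
CLEANUP = re.compile(r"\b(?:rm|unlink|shred|truncate)\b.*(?:/var/cores/|\bcore\b|/var/log/)")
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

Event = Tuple[datetime, str, str]  # (timestamp, host, message)


def parse_line(line: str):
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3)


def detect(log_text: str, window: timedelta = timedelta(minutes=10)):
    """Return (ioc_hits, crash_cleanup_sequences).

    ioc_hits: (timestamp, message) for events naming one of the listed paths.
    crash_cleanup_sequences: (crash_ts, cleanup_ts, worker_pid, cleanup_msg) for
    each nginx worker crash followed on the same host by cleanup within `window`.
    A crash with no cleanup afterwards is not alerted on by itself, because
    nginx workers also die for non-malicious reasons.
    """
    events: List[Event] = sorted(
        (e for e in map(parse_line, log_text.splitlines()) if e), key=lambda e: e[0])
    ioc_hits = [(ts, msg) for ts, _host, msg in events if IOC_PATHS.search(msg)]
    sequences = []
    for i, (ts, host, msg) in enumerate(events):
        crash = NGINX_CRASH.search(msg)
        if not crash:
            continue
        for ts2, host2, msg2 in events[i + 1:]:
            if ts2 - ts > window:
                break
            if host2 == host and CLEANUP.search(msg2):
                sequences.append((ts, ts2, crash.group(1), msg2))
                break
    return ioc_hits, sequences


if __name__ == "__main__":
    ioc, seq = detect(SAMPLE_LOGS)
    for ts, msg in ioc:
        print(f"[IOC path]   {ts:%H:%M:%S} {msg}")
    for ts, ts2, pid, msg in seq:
        print(f"[crash+wipe] worker {pid} died {ts:%H:%M:%S}, cleanup {ts2:%H:%M:%S}: {msg}")
```

The path match is high confidence on its own; the crash-then-cleanup pair is what turns an ordinary worker crash into something worth paging on, so keep the correlation window short and tie it to the same host.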

NVD Data


Description Summary

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CVSS Base Score: 9.8 (Critical)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High

CWE: CWE-787 Out-of-bounds Write

Affected Software (CPE) (162)

  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.11:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.12:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.5:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:12.1.6:-:*:*:*:*:*:*

Priority History

Planned Fix: Initial analysis

Fix Soon: Elevated — new exploitation evidence confirmed