Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

INFO

Published Date :

2026-05-06T18:57:39.876Z

Last Modified :

2026-05-07T03:55:34.043Z

Source :

palo_alto
AFFECTED PRODUCTS

The following products are affected by CVE-2026-0300 vulnerability.

Vendors Products
Palo Alto Networks
  • Cloud Ngfw
  • Pan-os
  • Prisma Access
Paloaltonetworks
  • Pa-1410
  • Pa-1420
  • Pa-3410
  • Pa-3420
  • Pa-3430
  • Pa-3440
  • Pa-410
  • Pa-410r
  • Pa-410r-5g
  • Pa-415
  • Pa-415-5g
  • Pa-440
  • Pa-445
  • Pa-450
  • Pa-450r
  • Pa-450r-5g
  • Pa-455
  • Pa-455-5g
  • Pa-455r-5g
  • Pa-460
  • Pa-501
  • Pa-505
  • Pa-510
  • Pa-520
  • Pa-540
  • Pa-5410
  • Pa-5420
  • Pa-5430
  • Pa-5440
  • Pa-5445
  • Pa-545-poe
  • Pa-5450
  • Pa-550
  • Pa-5540
  • Pa-555-poe
  • Pa-5550
  • Pa-5560
  • Pa-5570
  • Pa-5580
  • Pa-560
  • Pa-7500
  • Pa-7500-dpc-a
  • Pan-os
  • Vm-100
  • Vm-300
  • Vm-50
  • Vm-500
  • Vm-700
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0300.

URL Resource
https://security.paloaltonetworks.com/CVE-2026-0300 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact