CVE-2026-0300: Palo Alto Networks PAN-OS

What is CVE-2026-0300?

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

CVSS9.8 NVD 3.1

SeverityCRITICAL

Exploitation In the wild In CISA KEV

Triage statusActive Exploit

ActionPatch immediately

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Added to KEV2026-05-06

Federal patch deadline2026-05-09

Known ransomware useUnknown

Affected product

Palo Alto Networks PAN-OS

Remediation Steps

Obtain and review security advisory from vendor or CISA
Prioritize patching based on exposed asset inventory and business criticality
Verify all systems are updated and validated
Monitor for related indicators of compromise
Document patching timeline and completion status

References

Coverage on defend.network

Vulnerability Priority Report – Week 2 of May 2026 (May 11 – 17)
Palo Alto & Ivanti EPMM RCE exploited; PCPJack worm hits cloud (2026-05-08)
vm2, Palo Alto, DAEMON Tools exploited; Iran APT false-flag operations (2026-05-07)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.