CVE-2026-0300
Analyzed Analyzed - Analysis Complete
Buffer Overflow in Palo Alto PAN-OS User-ID Authentication Portal

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: Palo Alto Networks, Inc.

Description
A buffer overflow vulnerability in the User-IDβ„’ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-IDβ„’ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0300
EUVD
EUVD-2026-27879
Affected Vendors & Products
Showing 162 associated CPEs
Vendor Product Version / Range
paloaltonetworks pan-os 10.2.0
paloaltonetworks pan-os 11.1.0
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 11.2.2
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 10.2.8
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 11.1.5
paloaltonetworks pan-os 11.1.3
paloaltonetworks pan-os 11.1.1
paloaltonetworks pan-os 11.1.7
paloaltonetworks pan-os 11.1.7
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.16
paloaltonetworks pan-os 10.2.16
paloaltonetworks pan-os 10.2.16
paloaltonetworks pan-os 10.2.18
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.2.10
paloaltonetworks pan-os 11.2.10
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 12.1.2
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 10.2.17
paloaltonetworks pan-os 10.2.1
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.10
paloaltonetworks pan-os 10.2.11
paloaltonetworks pan-os 10.2.12
paloaltonetworks pan-os 10.2.13
paloaltonetworks pan-os 10.2.14
paloaltonetworks pan-os 10.2.15
paloaltonetworks pan-os 10.2.16
paloaltonetworks pan-os 10.2.18
paloaltonetworks pan-os 10.2.18
paloaltonetworks pan-os 10.2.2
paloaltonetworks pan-os 10.2.3
paloaltonetworks pan-os 10.2.4
paloaltonetworks pan-os 10.2.5
paloaltonetworks pan-os 10.2.6
paloaltonetworks pan-os 10.2.7
paloaltonetworks pan-os 10.2.9
paloaltonetworks pan-os 11.1.2
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.4
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.6
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.10
paloaltonetworks pan-os 11.1.11
paloaltonetworks pan-os 11.1.12
paloaltonetworks pan-os 11.1.13
paloaltonetworks pan-os 11.1.13
paloaltonetworks pan-os 11.1.13
paloaltonetworks pan-os 11.1.13
paloaltonetworks pan-os 11.1.14
paloaltonetworks pan-os 11.1.7
paloaltonetworks pan-os 11.1.7
paloaltonetworks pan-os 11.1.8
paloaltonetworks pan-os 11.1.9
paloaltonetworks pan-os 11.2.0
paloaltonetworks pan-os 11.2.1
paloaltonetworks pan-os 11.2.3
paloaltonetworks pan-os 11.2.10
paloaltonetworks pan-os 11.2.10
paloaltonetworks pan-os 11.2.10
paloaltonetworks pan-os 11.2.10
paloaltonetworks pan-os 11.2.11
paloaltonetworks pan-os 11.2.4
paloaltonetworks pan-os 11.2.5
paloaltonetworks pan-os 11.2.6
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.7
paloaltonetworks pan-os 11.2.8
paloaltonetworks pan-os 11.2.9
paloaltonetworks pan-os 12.1.3
paloaltonetworks pan-os 12.1.4
paloaltonetworks pan-os 12.1.4
paloaltonetworks pan-os 12.1.4
paloaltonetworks pan-os 12.1.5
paloaltonetworks pan-os 12.1.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a buffer overflow in the User-IDβ„’ Authentication Portal (also known as Captive Portal) service of Palo Alto Networks PAN-OS software. It allows an unauthenticated attacker to send specially crafted packets to the affected firewalls, which can lead to the execution of arbitrary code with root privileges.

The affected devices are PA-Series and VM-Series firewalls. The vulnerability does not impact Prisma Access, Cloud NGFW, or Panorama appliances.

The risk can be greatly reduced by securing access to the User-IDβ„’ Authentication Portal according to best practice guidelines, such as restricting access to trusted internal IP addresses.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary code with root privileges on the affected firewall devices. This means the attacker could potentially take full control of the firewall, bypass security controls, disrupt network traffic, or use the firewall as a foothold to attack other parts of the network.

Because the attacker does not need to be authenticated, the attack can be launched remotely by sending specially crafted packets.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to secure access to the User-IDβ„’ Authentication Portal by restricting access to only trusted internal IP addresses as per best practice guidelines.

This reduces the risk of exploitation by limiting exposure of the vulnerable service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0300. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart