Vulnerability Details CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail) by restricting access to only trusted internal IP addresses.
Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 89.4%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
Ransomware Campaign
Unknown
Products affected by CVE-2026-0300
- cpe:2.3:h:paloaltonetworks:pa-1410:-
- cpe:2.3:h:paloaltonetworks:pa-1420:-
- cpe:2.3:h:paloaltonetworks:pa-3410:-
- cpe:2.3:h:paloaltonetworks:pa-3420:-
- cpe:2.3:h:paloaltonetworks:pa-3430:-
- cpe:2.3:h:paloaltonetworks:pa-3440:-
- cpe:2.3:h:paloaltonetworks:pa-410:-
- cpe:2.3:h:paloaltonetworks:pa-410r-5g:-
- cpe:2.3:h:paloaltonetworks:pa-410r:-
- cpe:2.3:h:paloaltonetworks:pa-415-5g:-
- cpe:2.3:h:paloaltonetworks:pa-415:-
- cpe:2.3:h:paloaltonetworks:pa-440:-
- cpe:2.3:h:paloaltonetworks:pa-445:-
- cpe:2.3:h:paloaltonetworks:pa-450:-
- cpe:2.3:h:paloaltonetworks:pa-450r-5g:-
- cpe:2.3:h:paloaltonetworks:pa-450r:-
- cpe:2.3:h:paloaltonetworks:pa-455-5g:-
- cpe:2.3:h:paloaltonetworks:pa-455:-
- cpe:2.3:h:paloaltonetworks:pa-455r-5g:-
- cpe:2.3:h:paloaltonetworks:pa-460:-
- cpe:2.3:h:paloaltonetworks:pa-501:-
- cpe:2.3:h:paloaltonetworks:pa-505:-
- cpe:2.3:h:paloaltonetworks:pa-510:-
- cpe:2.3:h:paloaltonetworks:pa-520:-
- cpe:2.3:h:paloaltonetworks:pa-540:-
- cpe:2.3:h:paloaltonetworks:pa-5410:-
- cpe:2.3:h:paloaltonetworks:pa-5420:-
- cpe:2.3:h:paloaltonetworks:pa-5430:-
- cpe:2.3:h:paloaltonetworks:pa-5440:-
- cpe:2.3:h:paloaltonetworks:pa-5445:-
- cpe:2.3:h:paloaltonetworks:pa-545-poe:-
- cpe:2.3:h:paloaltonetworks:pa-5450:-
- cpe:2.3:h:paloaltonetworks:pa-550:-
- cpe:2.3:h:paloaltonetworks:pa-5540:-
- cpe:2.3:h:paloaltonetworks:pa-555-poe:-
- cpe:2.3:h:paloaltonetworks:pa-5550:-
- cpe:2.3:h:paloaltonetworks:pa-5560:-
- cpe:2.3:h:paloaltonetworks:pa-5570:-
- cpe:2.3:h:paloaltonetworks:pa-5580:-
- cpe:2.3:h:paloaltonetworks:pa-560:-
- cpe:2.3:h:paloaltonetworks:pa-7500-dpc-a:-
- cpe:2.3:h:paloaltonetworks:pa-7500:-
- cpe:2.3:h:paloaltonetworks:vm-100:-
- cpe:2.3:h:paloaltonetworks:vm-300:-
- cpe:2.3:h:paloaltonetworks:vm-500:-
- cpe:2.3:h:paloaltonetworks:vm-50:-
- cpe:2.3:h:paloaltonetworks:vm-700:-
- cpe:2.3:h:siemens:ruggedcom_ape1808:-
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.0
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.1
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.10
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.11
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.12
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.13
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.14
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.15
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.16
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.17
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.18
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.2
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.3
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.4
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.5
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.6
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.7
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.8
- cpe:2.3:o:paloaltonetworks:pan-os:10.2.9
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.0
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.1
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.10
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.11
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.12
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.13
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.14
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.2
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.3
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.4
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.5
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.6
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.7
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.8
- cpe:2.3:o:paloaltonetworks:pan-os:11.1.9
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.0
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.1
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.10
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.11
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.2
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.3
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.4
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.5
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.6
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.7
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.8
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.9
- cpe:2.3:o:paloaltonetworks:pan-os:12.1.2
- cpe:2.3:o:paloaltonetworks:pan-os:12.1.3
- cpe:2.3:o:paloaltonetworks:pan-os:12.1.4
- cpe:2.3:o:paloaltonetworks:pan-os:12.1.5
- cpe:2.3:o:paloaltonetworks:pan-os:12.1.6
- cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-