1. Home
  2. Vulnerabilities
  3. CVE-2026-0300
Known Exploited Vulnerability
9.8
CRITICAL CVSS 3.1
CVE-2026-0300
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability - [Actively Exploited]
Overview
Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Details
INFO

Published Date :

May 6, 2026, 7:16 p.m.

Last Modified :

May 12, 2026, 6:47 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designated patch.

Known Ransomware Campaign Use:

Unknown

Notes :

https://security.paloaltonetworks.com/CVE-2026-0300 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0300

Impact
Affected Products

The following products are affected by CVE-2026-0300 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Paloaltonetworks pan-os
2 Paloaltonetworks pa-5410
3 Paloaltonetworks pa-5420
4 Paloaltonetworks pa-5430
5 Paloaltonetworks pa-5440
6 Paloaltonetworks pa-5445
7 Paloaltonetworks pa-1410
8 Paloaltonetworks pa-1420
9 Paloaltonetworks pa-3410
10 Paloaltonetworks pa-3420
11 Paloaltonetworks pa-3430
12 Paloaltonetworks pa-3440
13 Paloaltonetworks pa-410
14 Paloaltonetworks pa-410r
15 Paloaltonetworks pa-410r-5g
16 Paloaltonetworks pa-415
17 Paloaltonetworks pa-415-5g
18 Paloaltonetworks pa-440
19 Paloaltonetworks pa-445
20 Paloaltonetworks pa-450
21 Paloaltonetworks pa-450r
22 Paloaltonetworks pa-450r-5g
23 Paloaltonetworks pa-455
24 Paloaltonetworks pa-455-5g
25 Paloaltonetworks pa-455r-5g
26 Paloaltonetworks pa-460
27 Paloaltonetworks pa-501
28 Paloaltonetworks pa-505
29 Paloaltonetworks pa-510
30 Paloaltonetworks pa-520
31 Paloaltonetworks pa-540
32 Paloaltonetworks pa-545-poe
33 Paloaltonetworks pa-5450
34 Paloaltonetworks pa-550
35 Paloaltonetworks pa-5540
36 Paloaltonetworks pa-555-poe
37 Paloaltonetworks pa-5550
38 Paloaltonetworks pa-5560
39 Paloaltonetworks pa-5570
40 Paloaltonetworks pa-5580
41 Paloaltonetworks pa-560
42 Paloaltonetworks pa-7500
43 Paloaltonetworks pa-7500-dpc-a
44 Paloaltonetworks vm-100
45 Paloaltonetworks vm-300
46 Paloaltonetworks vm-50
47 Paloaltonetworks vm-500
48 Paloaltonetworks vm-700
1 Siemens ruggedcom_ape1808_firmware
2 Siemens ruggedcom_ape1808
1 Palo_alto_networks pan-os
: Total Affected Vendor : 3 | Products : 51
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 4.0 CRITICAL d6c1279f-00f6-4ef7-9217-f89ffe703ec0
CVSS 4.0 HIGH d6c1279f-00f6-4ef7-9217-f89ffe703ec0
CVSS 4.0 CRITICAL [email protected]
Solution
Patch Palo Alto Networks PAN-OS to fix arbitrary code execution.
  • Update PAN-OS software to the latest version.
  • Secure User-ID portal access per guidelines.
  • Restrict access to trusted internal IP addresses only.
Public PoC/Exploit Available at Github

CVE-2026-0300 has a 20 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-0300.

URL Resource
https://security.paloaltonetworks.com/CVE-2026-0300 Mitigation Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-967325.html Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-0300 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-0300 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
ridhinva/CVE-2026-0300-PANOS-RCE

PAN-OS User-ID Captive Portal Buffer Overflow RCE Scanner & Checker

Python

Updated: 4 days, 12 hours ago
0 stars 0 fork 0 watcher
Born at : May 22, 2026, 8:44 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
ridhinva/Trending-Exploits-May-2026

Actively exploited CVE scanners from CISA KEV + Twitter trends - Drupal SQLi, PAN-OS RCE, Android ADBD, GHE RCE, BeyondTrust, Defender, and more

Python

Updated: 4 days, 12 hours ago
0 stars 0 fork 0 watcher
Born at : May 22, 2026, 8:42 p.m. This repo has been linked 11 different CVEs too.
Profile Photo
ridhinva/hermes-vuln-tools

May 2026 trending CVE scanners - PAN-OS, WordPress, BeyondTrust, GHE, ingress-nginx

Python

Updated: 4 days, 14 hours ago
0 stars 0 fork 0 watcher
Born at : May 22, 2026, 7:34 p.m. This repo has been linked 20 different CVEs too.
Profile Photo
lu4m575/CVE-2026-0300

CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2

Python

Updated: 5 days, 12 hours ago
0 stars 0 fork 0 watcher
Born at : May 21, 2026, 8:39 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
bob-reis/claude-pentest-skills

Coleção de skills de segurança ofensiva para Claude Code metodologia PTES completa com AWS/IAM (WorstAssume), pfSense (27+ CVEs), Active Directory, Web Attacks, Palo Alto PAN-OS, AI Agent Audit e LLM Security Testing. Integra AIRecon, Watchtower e hexstrike-local MCP

Python

Updated: 6 days, 7 hours ago
2 stars 1 fork 1 watcher
Born at : May 18, 2026, 7:21 p.m. This repo has been linked 9 different CVEs too.
Profile Photo
gcve-eu/gcve-eu-ai-extension

Auto expand CVE and GCVE records with AI assisted interfaces

ai-assisted cve gcve vulnerabilities vulnerability

Python

Updated: 1 week, 1 day ago
1 stars 0 fork 0 watcher
Born at : May 17, 2026, 1:07 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
mistertha/security-news-vercel

Static Docsify cybersecurity news digest deployed on Vercel

HTML Python

Updated: 1 week, 1 day ago
0 stars 0 fork 0 watcher
Born at : May 14, 2026, 1:53 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
ByteWraith1/CVE-2026-0300

None

Updated: 2 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : May 11, 2026, 10:12 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
pierre1500/claude-tech-watch

Elite Engineering Intelligence Brief — a 24-hour strategic analysis of emerging signals across AI Engineering, DevSecOps, Cybersecurity, Distributed Systems, Cloud Infrastructure, Data Engineering, Realtime Architectures, and Autonomous AI Agents.

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : May 8, 2026, 12:42 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
forkaizen2023-sys/Vulnerabilidades-Cr-ticas-Mayo-2026

Guía de Remediación Urgente

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : May 7, 2026, 2:13 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
p3Nt3st3r-sTAr/CVE-2026-0300-POC

None

Python

Updated: 2 weeks, 5 days ago
3 stars 3 fork 3 watcher
Born at : May 6, 2026, 11:56 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
shizuku198411/CVE-2026-0300

PAN-OS CVE-2026-0300 Non-Destructive Exposure Survey Tool

cve cve-2026-0300 paloalto paloaltonetworks pan-os

Python

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : May 6, 2026, 9:47 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
bannned-bit/CVE-2026-0300-PANOS

Security Research and Proof-of-Concept (PoC) for CVE-2026-0300 : Unauthenticated Remote Code Execution (RCE) in Palo Alto Networks PAN-OS User-ID Portal.

cve-2026-0300 exploit palo-alto pan-os rce

Python

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : May 6, 2026, 2:14 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
TailwindRG/cve-2026-0300-audit

Read-only audit tooling for CVE-2026-0300 (PAN-OS User-ID Authentication Portal exposure)

Python

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : May 6, 2026, 10:57 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
0xBlackash/CVE-2026-0300

CVE-2026-0300

Python

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : May 6, 2026, 9:57 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-0300 vulnerability anywhere in the article.

  • The Cyber Express
CERT-In Urges Firms to Patch Critical Vulnerabilities Within 12 Hours Amid AI Threat Surge

India’s Computer Emergency Response Team, Indian Computer Emergency Response Team, has introduced a new cybersecurity framework urging organizations to patch critical security vulnerabilities in inter ... Read more

Published Date: May 27, 2026 (45 minutes ago)
  • The Cyber Express
Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution

The security issue tracked as CVE-2026-45829, often referred to in analysis as ChromaToast Served Pre-Auth, affects the open-source vector database ChromaDB. ChromaDB is widely used for semantic searc ... Read more

Published Date: May 20, 2026 (1 week ago)
  • The Hacker News
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game fo ... Read more

Published Date: May 14, 2026 (1 week, 5 days ago)
  • CybersecurityNews
Palo Alto PAN-OS 0-Day Exploited to Execute Arbitrary Code With Root Privileges on Firewalls

A critical vulnerability in Palo Alto Networks PAN-OS is putting enterprise firewalls at risk, allowing unauthenticated attackers to execute arbitrary code with root privileges. Tracked as CVE-2026-03 ... Read more

Published Date: May 14, 2026 (1 week, 5 days ago)
  • Daily CyberSecurity
Nginx Releases Critical Update: Six Vulnerabilities Patched in New Stable Version

The web infrastructure world received a major wake-up call today as nginx-1.30.1 was released to address a suite of six security vulnerabilities. These flaws range from high-severity arbitrary code ex ... Read more

Published Date: May 14, 2026 (1 week, 5 days ago)
  • Daily CyberSecurity
Critical IKEv2 Buffer Overflow and CAS Bypass Hit Palo Alto PAN-OS

Palo Alto Networks has released a series of important security updates addressing multiple vulnerabilities across its PAN-OS software. The most alarming of these is a buffer overflow in IKEv2 processi ... Read more

Published Date: May 14, 2026 (1 week, 6 days ago)
  • The Cyber Express
Exim BDAT Vulnerability Exposes Email Servers to Remote Attacks

A newly revealed Exim BDAT vulnerability is affecting some email server setups that use Exim as their Mail Transfer Agent (MTA), prompting security attention due to its severity. Tracked as CVE-2026-4 ... Read more

Published Date: May 14, 2026 (1 week, 6 days ago)
  • The Cyber Express
Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported

Microsoft has rolled out its May 2026 Patch Tuesday security updates, delivering fixes for approximately 120 vulnerabilities across Windows, Microsoft Office, networking services, and enterprise platf ... Read more

Published Date: May 13, 2026 (2 weeks ago)
  • TheCyberThrone
CISA adds CVE-2026-6973 | Ivanti EPMM Authenticated RCE to KEV Catalog

May 10, 2026OverviewCISA has added CVE-2026-6973 to the Known Exploited Vulnerabilities catalog, giving federal civilian agencies until May 10, 2026 to remediate the flaw. The vulnerability is an impr ... Read more

Published Date: May 10, 2026 (2 weeks, 2 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 19

The Good | Courts Sentence Karakurt Ransomware Negotiator & Two DPRK IT Worker Scheme Facilitators Federal authorities have successfully secured a nearly nine-year prison sentence for Deniss Zolotarjo ... Read more

Published Date: May 08, 2026 (2 weeks, 4 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 19

The Good | Courts Sentence Karakurt Ransomware Negotiator & Two DPRK IT Worker Scheme Facilitators Federal authorities have successfully secured a nearly nine-year prison sentence for Deniss Zolotarjo ... Read more

Published Date: May 08, 2026 (2 weeks, 4 days ago)
  • The Cyber Express
The Cyber Express Weekly Roundup: EU AI Act Updates, Malware Expansion, Critical Vulnerabilities, and Rising Cybercrime Trends

In this weekly roundup from The Cyber Express, the global cybersecurity landscape continues to show rapid and uneven change, shaped by both regulatory shifts and escalating cyber threats. Governments ... Read more

Published Date: May 08, 2026 (2 weeks, 4 days ago)
  • The Cyber Express
Dirty Frag Linux Vulnerability Exposes Major Distributions to Root Access Attacks

A newly disclosed local privilege escalation (LPE) vulnerability known as Dirty Frag is raising serious concerns across the Linux ecosystem after researchers revealed that the flaw can grant root acce ... Read more

Published Date: May 08, 2026 (2 weeks, 5 days ago)
  • CybersecurityNews
CISA Warns of Palo Alto PAN-OS Vulnerability Exploited to Gain Root Access

CISA has issued an urgent warning regarding a critical vulnerability in Palo Alto Networks PAN-OS. Tracked as CVE-2026-0300, this severe security flaw was recently added to CISA’s Known Exploited Vuln ... Read more

Published Date: May 07, 2026 (2 weeks, 5 days ago)
  • TheCyberThrone
Google 148 Stable Channel Released with 127 Bug fixes

OverviewGoogle has released Chrome 148 to the stable channel, delivering one of the largest security update batches in the browser’s history — patching 127 vulnerabilities across Windows, macOS, and L ... Read more

Published Date: May 07, 2026 (2 weeks, 5 days ago)
  • The Hacker News
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is ... Read more

Published Date: May 07, 2026 (2 weeks, 5 days ago)
  • security.nl
Lek in firewalls Palo Alto Networks sinds begin april misbruikt bij aanvallen

Een kritieke kwetsbaarheid in firewalls van Palo Alto Networks is sinds begin april misbruikt bij aanvallen, zo heeft het securitybedrijf zelf bekendgemaakt. Updates voor het beveiligingslek zijn nog ... Read more

Published Date: May 07, 2026 (2 weeks, 5 days ago)
  • CybersecurityNews
Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since April

A critical zero-day vulnerability in Palo Alto Networks PAN-OS software has been actively exploited by a likely state-sponsored threat actor since at least April 2026, the company revealed in a securi ... Read more

Published Date: May 07, 2026 (2 weeks, 5 days ago)
  • The Cyber Express
CISA Launches CI Fortify to Defend Critical Infrastructure From Nation-State Cyber Threats

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative called “CI Fortify” aimed at helping critical infrastructure operators prepare for disruptive cyberattack ... Read more

Published Date: May 07, 2026 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-0300 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    May. 13, 2026

    Action Type Old Value New Value
    Changed Required Action 2026-05-06 2026-05-06
  • Modified Analysis by [email protected]

    May. 12, 2026

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*
    Added Reference Type siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-967325.html Types: Third Party Advisory
  • CVE Modified by 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

    May. 12, 2026

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/html/ssa-967325.html
  • Initial Analysis by [email protected]

    May. 07, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration AND OR *cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h16:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.11:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.12:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.8:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.1.9:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.5:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.6:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.8:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:11.2.9:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.3:*:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.5:-:*:*:*:*:*:* *cpe:2.3:o:paloaltonetworks:pan-os:12.1.6:-:*:*:*:*:*:* OR cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-1410:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-1420:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-410:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-410r:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-410r-5g:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-415:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-415-5g:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-440:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-445:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-450:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-450r:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-450r-5g:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-455:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-455-5g:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-455r-5g:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-460:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-501:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-505:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-510:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-520:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-540:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-545-poe:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5450:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-550:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5540:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-555-poe:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5550:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5560:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5570:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5580:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-560:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-7500:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-7500-dpc-a:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3410:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3420:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3430:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3440:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:vm-100:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:vm-300:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:vm-50:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:vm-500:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:vm-700:-:*:*:*:*:*:*:*
    Added Reference Type Palo Alto Networks, Inc.: https://security.paloaltonetworks.com/CVE-2026-0300 Types: Mitigation, Vendor Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    May. 06, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300
  • New CVE Received by [email protected]

    May. 06, 2026

    Action Type Old Value New Value
    Added Description A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red
    Added CWE CWE-787
    Added Reference https://security.paloaltonetworks.com/CVE-2026-0300
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 9.3
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact