CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-0300 — A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Capti...

·Source: NIST NVD

Updated:

Executive Summary

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal

Analysis

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability. CVSS Score: 9.8. Published: 2026-05-06T19:16:35.730.

Indicators of Compromise (1)

CVE (1)
CVE-2026-0300
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 6, 2026. Verified by: NIST.

Related Threats

LOWVulnerability

Dirty Frag: Using the Page Caches as an Attack Surface

Dirty Frag is a Linux local privilege escalation (LPE) chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities can allow an unprivileged local user to escalate to root on many major Linux distributions. As of May 8, 2026, CVE-2026-43284 had been patched in mainline Linux, while public reporting indicated that CVE-2026-43500 […]

CVE-2026-43284CVE-2026-43500
Qualys Blog
LOWVulnerability

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result

CVE-2026-29201
The Hacker News
MEDIUMVulnerability

ISMG Editors: The Battle Over Access to Frontier AI Models

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ismg-editors-battle-over-access-to-frontier-ai-models-image_small-10-a-31644.jpg" align=right hspace=4><b>Also: Washington's AI Policy Divide, FDA's Push for AI-Driven Clinical Trials</b><br>In this week's panel, four ISMG editors discussed the battle over who gets to access powerful AI cybersecurity models, policy issues unfoldin

Bank Info Security