CRITICALZero Day
Global

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

·Source: Unit 42 (Palo Alto)

Updated:

Executive Summary

Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42 .

Analysis

Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42 .

Indicators of Compromise (1)

CVE (1)
CVE-2026-0300
NVDMITRE CVE
Source Attribution

Originally published by Unit 42 (Palo Alto) on May 7, 2026.

Related Threats

CRITICALZero Day

Palo Alto Networks firewall flaw has been exploited for several weeks

Palo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer . The vulnerability, CVE-2026-0300, is located in the User-ID Authentication Portal (also known as the Captive Portal) and allows attackers to execute code w

CVE-2026-0300
CSO Online
CRITICALZero Day

Breach Roundup: Microsoft Edge Turns Passwords Into Targets

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/breach-roundup-microsoft-edge-turns-passwords-into-targets-image_small-5-a-31629.jpg" align=right hspace=4><b>Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence</b><br>This week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karaku

Bank Info Security
CRITICALZero Day

Ivanti customers confront yet another actively exploited zero-day

Attackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product. The post Ivanti customers confront yet another actively exploited zero-day appeared first on CyberScoop .

CyberScoop